Generex UPS Adapter CS141 Improper Limitation of a Pathname to a Restricted Directory (CVE-2020-11420)

medium Tenable OT Security Plugin ID 503966

Synopsis

The remote OT asset is affected by a vulnerability.

Description

UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files, thereby gaining access to files and directories outside the web root folder. The attacker may access arbitrary files and directories stored in the file system, but the integrity of the files is not jeopardized because the attacker has read access rights only.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?290a3fef

http://www.nessus.org/u?dc778b65

https://www.generex.de/support/changelogs/cs141/page:2

Plugin Details

Severity: Medium

ID: 503966

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 11/13/2025

Updated: 11/13/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2020-11420

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/o:generex:cs141_firmware

Required KB Items: Tenable.ot/Generex

Exploit Ease: No known exploits are available

Patch Publication Date: 4/27/2020

Vulnerability Publication Date: 4/27/2020

Reference Information

CVE: CVE-2020-11420

CWE: 22