The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.
An attacker sends a crafted SOAP request to the importFile method, containing path traversal sequences (e.g., '../') in the parameter specifying the target file path. The path verification mechanism is insufficient, allowing escape from the permitted directory and file writing to any location in the file system. The operation does not require any authentication — the vulnerability is remotely accessible over the network.
An attacker can write arbitrary files to critical locations in the operating system, which may lead to system compromise, malicious code execution, or violation of data integrity and confidentiality.
Apply patches available from the vendor according to the references (VDE-2025-060 guide available at: https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json). Until updates are applied, it is recommended to restrict network access to the SOAP interface exclusively to trusted hosts.
Versions indicated in the vendor's references (VDE-2025-060 security advisory concerning Sauter products).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H