Relative path traversal in Setelsa Security ConacWin CB

Posted date 13/07/2023
4 - High
Affected Resources

ConacWin CB, versions and earlier.


INCIBE has coordinated the publication of a vulnerability affecting Setelsa Security ConacWin CB, an access control platform, which has been discovered by Agustín Picazo (Black Giraffe).

The following code has been assigned to this vulnerability:


  • CVSS v3.1 base score: 7.5.
  • CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
  • Vulnerability type: CWE-23: Relative Path Traversal.

Setelsa Security has released version, which resolves the reported vulnerability.


CVE-2023-3512: relative path traversal vulnerability in Setelsa Security's ConacWin CB, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.
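A server-side check against this class of flaw (CWE-23), given as an added example that is not Setelsa Security's code and not part of the advisory: the download handler resolves the requested name and serves it only if the result is still a file inside the download root. The function names, directory layout and sample requests are constructed for illustration.

```python
import tempfile
from pathlib import Path, PureWindowsPath


class TraversalRejected(ValueError):
    """The requested name does not map to a file inside the download root."""


def resolve_download(root: Path, requested: str) -> Path:
    """Return the file to serve; `requested` is the already URL-decoded value."""
    name = requested.replace("\\", "/")  # "..\" must count as a separator on any OS
    if "\x00" in name or name.startswith("/") or PureWindowsPath(name).drive:
        raise TraversalRejected(requested)  # NUL byte, absolute path or drive letter
    root = root.resolve()
    candidate = (root / name).resolve()  # collapses ".." and follows symlinks
    try:
        candidate.relative_to(root)  # component-wise test, not a string prefix test
    except ValueError:
        raise TraversalRejected(requested) from None
    if not candidate.is_file():
        raise TraversalRejected(requested)
    return candidate


def demo() -> dict:
    """Run constructed requests against a constructed directory tree."""
    requests = ["report.pdf", "../config.ini", "..\\config.ini", "sub/../../config.ini",
                "../downloads_old/db.bak", "/etc/passwd", "C:\\Windows\\win.ini"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "downloads"
        root.mkdir()
        (root / "report.pdf").write_text("public")
        (base / "config.ini").write_text("secret")  # outside the root
        (base / "downloads_old").mkdir()  # sibling that shares the root's name prefix
        (base / "downloads_old" / "db.bak").write_text("secret")
        for req in requests:
            try:
                resolve_download(root, req)
                results[req] = "served"
            except TraversalRejected:
                results[req] = "rejected"
    return results


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{outcome:8}  {request!r}")
```

The `downloads_old` case is the one a plain string-prefix comparison on the resolved path would let through, which is why the containment test is done per path component.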
