CVE-2025-13791: Path Traversal in Scada-LTS
A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-13791 is a path traversal vulnerability identified in Scada-LTS, an open-source SCADA (Supervisory Control and Data Acquisition) platform widely used for industrial control systems. The vulnerability exists in the Common.getHomeDir function of the ZIPProjectManager.java file, which is part of the project import component. This flaw allows an attacker to manipulate file path inputs to traverse directories outside the intended scope, potentially accessing or overwriting arbitrary files on the host system. The vulnerability can be exploited remotely without requiring user interaction or elevated privileges beyond low-level access, making it easier for attackers to leverage. The CVSS 4.0 score of 5.3 reflects a medium severity, considering the attack vector is network-based with low complexity and no authentication required, but with limited impact on confidentiality, integrity, and availability. The vendor has not responded to disclosure requests, and no official patches are currently available, though a public exploit exists. This increases the urgency for organizations to implement compensating controls. The vulnerability could be leveraged to read sensitive configuration files, disrupt system operations, or facilitate further attacks within industrial environments. Given the critical role of SCADA systems in infrastructure, this vulnerability poses a tangible risk to operational technology environments.
Potential Impact
The vulnerability can lead to unauthorized disclosure of sensitive files, potentially exposing configuration data, credentials, or operational details critical to industrial control systems. Attackers could also modify or replace files, impacting system integrity and potentially causing denial of service or operational disruptions. Since SCADA systems often control critical infrastructure such as energy grids, water treatment, and manufacturing, exploitation could have cascading effects on public safety and economic stability. The lack of authentication and remote exploitability broadens the attack surface, increasing risk especially in environments where network segmentation or access controls are weak. Although no active exploitation in the wild is currently reported, the availability of a public exploit increases the likelihood of future attacks. Organizations worldwide relying on Scada-LTS for industrial control are at risk of operational disruption, data leakage, and potential safety hazards.
Mitigation Recommendations
1. Immediately restrict network access to Scada-LTS project import interfaces by implementing strict firewall rules and network segmentation to limit exposure to trusted hosts only.
2. Monitor logs and network traffic for unusual file access patterns or attempts to exploit path traversal, using intrusion detection systems tailored for SCADA environments.
3. Implement application-layer input validation and sanitization to enforce strict file path constraints, preventing traversal sequences such as '../'.
4. Deploy host-based file integrity monitoring to detect unauthorized changes to critical files.
5. If possible, run Scada-LTS with least privilege, ensuring the service account has minimal file system permissions to limit damage from exploitation.
6. Engage with the vendor or community to obtain patches or updates; if unavailable, consider contributing or applying custom patches to fix the vulnerable function.
7. Develop and test incident response plans specific to SCADA environments to quickly address potential exploitation.
8. Educate operational technology personnel about this vulnerability and the importance of maintaining strict access controls and monitoring.
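An added example for recommendation 3 (not Scada-LTS code and not taken from the advisory): a Java containment check that resolves an untrusted file name against a base directory and rejects any result that falls outside it. The class and method names (`SafePathResolver`, `resolveInside`), the base directory and the sample names are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical helper, not part of Scada-LTS: confines untrusted names to a base directory.
public final class SafePathResolver {

    static Path resolveInside(Path baseDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("empty file name");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path candidate;
        try {
            // Treat '\' as a separator too, so Windows-style names are checked on any OS.
            candidate = base.resolve(untrustedName.replace('\\', '/')).normalize();
        } catch (InvalidPathException e) { // e.g. an embedded NUL character
            throw new IOException("invalid file name", e);
        }
        // Path.startsWith compares whole name elements, so a sibling such as
        // /opt/scada-import-evil does not count as being inside /opt/scada-import.
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new IOException("path escapes base directory: " + untrustedName);
        }
        return candidate;
    }

    public static void main(String[] args) {
        Path base = Paths.get("/opt/scada-import"); // constructed sample directory
        String[] names = {                          // constructed sample inputs
            "graphics/pump.png", "a/../b.json", "../../etc/passwd",
            "/etc/passwd", "..\\..\\conf\\env.properties", "x/../../y"
        };
        for (String name : names) {
            try {
                System.out.println("OK     " + name + " -> " + resolveInside(base, name));
            } catch (IOException e) {
                System.out.println("REJECT " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check is lexical; where the base directory can contain symbolic links, also compare against `Path.toRealPath()` of the existing parent directory before writing.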
Affected Countries
United States, Germany, China, Russia, South Korea, Japan, France, United Kingdom, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-29T20:33:41.040Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 692c6a32979ac8a99b70b707
Added to database: 11/30/2025, 4:00:50 PM
Last enriched: 2/24/2026, 10:11:34 PM
Last updated: 3/22/2026, 10:48:57 AM