A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.
oryginał ENCVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HSchneider Electric Atv12 Dtm
APPSchneider-Electric< 12.7.0Schneider Electric Atv212 Dtm
APPSchneider-Electric< 12.7.0Schneider Electric Atv312 Dtm
APPSchneider-Electric< 12.7.0Schneider Electric Atv31 Dtm
APPSchneider-Electric< 12.7.0Schneider Electric Atv320 Dtm
APPSchneider-Electric< 1.1.6Schneider Electric Atv32 Dtm
APPSchneider-Electric< 12.7.0Schneider Electric Atv340 Dtm
APPSchneider-Electric< 1.2.3Schneider Electric Atv600 Dtm
APPSchneider-Electric< 1.8.0Schneider Electric Atv61 Dtm
APPSchneider-Electric< 12.7.0Schneider Electric Atv71 Dtm
APPSchneider-Electric< 12.7.0Schneider Electric Atv900 Dtm
APPSchneider-Electric< 1.3.5Schneider Electric Atv Lift Dtm
APPSchneider-Electric< 12.7.0Schneider Electric Somove
APPSchneider-Electric< 2.6.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Powiązane podatności
CVE-2020-7527HIGH7.8ten sam produkt
Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of ...
CVE-2014-9200HIGH7.5ten sam produkt
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pr...
CVE-2013-0662HIGH9.3ten sam produkt
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through...
CVE-2018-7841CRITICAL9.8⚠ KEVten sam vendor
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...
CVE-2024-10575CRITICAL10.0PL ✓ten sam vendor
Brak autoryzacji w Schneider Electric EcoStruxure IT Gateway (CVSS 10.0)