7.8
CVE-2018-7239
- EPSS 0.25%
- Published 09.03.2018 23:29:00
- Last modified 21.11.2024 04:11:51
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Atv Lift Dtm Version < 12.7.0
Schneider-electric ≫ Atv12 Dtm Version < 12.7.0
Schneider-electric ≫ Atv212 Dtm Version < 12.7.0
Schneider-electric ≫ Atv31 Dtm Version < 12.7.0
Schneider-electric ≫ Atv312 Dtm Version < 12.7.0
Schneider-electric ≫ Atv32 Dtm Version < 12.7.0
Schneider-electric ≫ Atv320 Dtm Version < 1.1.6
Schneider-electric ≫ Atv340 Dtm Version < 1.2.3
Schneider-electric ≫ Atv600 Dtm Version < 1.8.0
Schneider-electric ≫ Atv61 Dtm Version < 12.7.0
Schneider-electric ≫ Atv71 Dtm Version < 12.7.0
Schneider-electric ≫ Atv900 Dtm Version < 1.3.5
Schneider-electric ≫ Somove Version < 2.6.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.481 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.