HIGH🇬🇧 English

CVE-2018-7239

CVSS 7.8v3.0pub. 2018-03-09upd. 2024-11-21

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Schneider Electric Atv12 Dtm

    APP
    Schneider-Electric
    < 12.7.0
  • Schneider Electric Atv212 Dtm

    APP
    Schneider-Electric
    < 12.7.0
  • Schneider Electric Atv312 Dtm

    APP
    Schneider-Electric
    < 12.7.0
  • Schneider Electric Atv31 Dtm

    APP
    Schneider-Electric
    < 12.7.0
  • Schneider Electric Atv320 Dtm

    APP
    Schneider-Electric
    < 1.1.6
  • Schneider Electric Atv32 Dtm

    APP
    Schneider-Electric
    < 12.7.0
  • Schneider Electric Atv340 Dtm

    APP
    Schneider-Electric
    < 1.2.3
  • Schneider Electric Atv600 Dtm

    APP
    Schneider-Electric
    < 1.8.0
  • Schneider Electric Atv61 Dtm

    APP
    Schneider-Electric
    < 12.7.0
  • Schneider Electric Atv71 Dtm

    APP
    Schneider-Electric
    < 12.7.0
  • Schneider Electric Atv900 Dtm

    APP
    Schneider-Electric
    < 1.3.5
  • Schneider Electric Atv Lift Dtm

    APP
    Schneider-Electric
    < 12.7.0
  • Schneider Electric Somove

    APP
    Schneider-Electric
    < 2.6.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2020-7527HIGH7.8ten sam produkt

Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of ...

CVE-2014-9200HIGH7.5ten sam produkt

Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pr...

CVE-2013-0662HIGH9.3ten sam produkt

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through...

CVE-2018-7841CRITICAL9.8⚠ KEVten sam vendor

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...

CVE-2024-10575CRITICAL10.0PL ✓ten sam vendor

Brak autoryzacji w Schneider Electric EcoStruxure IT Gateway (CVSS 10.0)