CVE-2018-7239 — Untrusted Search Path in Atv12 DTM

CWE-426 — Untrusted Search Path3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 36.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Atv12 DTM Schneider-electric Atv212 DTM Schneider-electric Atv312 DTM +11 more

Timeline

PublishedMar 9

Latest updateMay 14

Description

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages14 packages

▶NVDschneider-electric/somove< 2.6.2

▶CVEListV5schneider_electric_se/somoven/a

▶NVDschneider-electric/atv12_dtm< 12.7.0

▶NVDschneider-electric/atv31_dtm< 12.7.0

▶NVDschneider-electric/atv32_dtm< 12.7.0

🔴Vulnerability Details

GHSA

GHSA-98p4-3pv5-4m4w: A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2↗2022-05-14

▶

CVEList

CVE-2018-7239: A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2↗2018-03-09

▶