CVE-2019-6825

CWE-4273 documents3 sources
Severity
7.8HIGH
EPSS
0.5%
top 34.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric ProclimaProclima Proclima ALL Versions Prior TO Version 8.0.0
Timeline
PublishedJul 15
Latest updateMay 24

Description

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5proclima/proclima_all_versions_prior_to_version_8.0.0ProClima all versions prior to version 8.0.0

🔴Vulnerability Details

2
GHSA
GHSA-fvg2-944m-v7hq: A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 82022-05-24
CVEList
CVE-2019-6825: A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 82019-07-15
CVE-2019-6825 (HIGH CVSS 7.8) | A CWE-427: Uncontrolled Search Path | cvebase.io