CVE-2020-10626
published 2020-05-14CVE-2020-10626: In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fazecast | jserialcomm | <= 2.2.2 | — |
| schneider-electric | ecostruxure_it_gateway | — | — |
| schneider-electric | ecostruxure_it_gateway | 1.5.0.66 – 1.5.2.28 | — |
| schneider-electric | ecostruxure_it_gateway | 1.6.0.39 – 1.6.2.14 | — |