Vulnerabilites related to schneider-electric - ecostruxure_it_gateway
cve-2020-10626
Vulnerability from cvelistv5
Published
2020-05-14 15:52
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/ICSA2012601 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Fazecast jSerialComm, Version 2.2.2 and prior |
Version: Fazecast jSerialComm, Version 2.2.2 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:06:10.152Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/ICSA2012601", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Fazecast jSerialComm, Version 2.2.2 and prior", vendor: "n/a", versions: [ { status: "affected", version: "Fazecast jSerialComm, Version 2.2.2 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "UNCONTROLLED SEARCH PATH ELEMENT CWE-427", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-14T15:52:13", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/ICSA2012601", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2020-10626", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Fazecast jSerialComm, Version 2.2.2 and prior", version: { version_data: [ { version_value: "Fazecast jSerialComm, Version 2.2.2 and prior", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "UNCONTROLLED SEARCH PATH ELEMENT CWE-427", }, ], }, ], }, references: { reference_data: [ { name: "https://www.us-cert.gov/ics/advisories/ICSA2012601", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/ICSA2012601", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-10626", datePublished: "2020-05-14T15:52:13", dateReserved: "2020-03-16T00:00:00", dateUpdated: "2024-08-04T11:06:10.152Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0865
Vulnerability from cvelistv5
Published
2024-06-12 17:23
Modified
2024-08-01 18:18
Severity ?
EPSS score ?
Summary
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege
escalation when logged in as a non-administrative user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | EcoStruxure IT Gateway |
Version: 1.20.x and prior |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ecostruxure_it_gateway", vendor: "schneider-electric", versions: [ { lessThan: "1.20.x", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-0865", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-12T19:59:08.710375Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-12T20:04:39.540Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:18:18.824Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "EcoStruxure IT Gateway", vendor: "Schneider Electric", versions: [ { status: "affected", version: "1.20.x and prior", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege\nescalation when logged in as a non-administrative user.", }, ], value: "CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege\nescalation when logged in as a non-administrative user.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-798", description: "CWE-798 Use of Hard-coded Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T17:23:00.908Z", orgId: "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", shortName: "schneider", }, references: [ { url: "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", assignerShortName: "schneider", cveId: "CVE-2024-0865", datePublished: "2024-06-12T17:23:00.908Z", dateReserved: "2024-01-24T17:18:07.117Z", dateUpdated: "2024-08-01T18:18:18.824Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-10575
Vulnerability from cvelistv5
Published
2024-11-13 04:35
Modified
2024-11-13 15:14
Severity ?
10.0 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on
the network and potentially impacting connected devices.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | EcoStruxure IT Gateway |
Version: Version 1.21.0.6 Version: Version 1.22.0.3 Version: Version 1.22.1.5 Version: Version 1.23.0.4 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ecostruxure_it_gateway", vendor: "schneider-electric", versions: [ { status: "affected", version: "1.21.0.6", }, { status: "affected", version: "1.22.0.3", }, { status: "affected", version: "1.22.1.5", }, { status: "affected", version: "1.23.0.4", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-10575", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:14:10.869591Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:14:17.114Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "EcoStruxure IT Gateway", vendor: "Schneider Electric", versions: [ { status: "affected", version: "Version 1.21.0.6", }, { status: "affected", version: "Version 1.22.0.3", }, { status: "affected", version: "Version 1.22.1.5", }, { status: "affected", version: "Version 1.23.0.4", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on\nthe network and potentially impacting connected devices.", }, ], value: "CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on\nthe network and potentially impacting connected devices.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 10, baseSeverity: "CRITICAL", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "HIGH", subConfidentialityImpact: "HIGH", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-13T04:35:44.556Z", orgId: "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", shortName: "schneider", }, references: [ { url: "https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", assignerShortName: "schneider", cveId: "CVE-2024-10575", datePublished: "2024-11-13T04:35:44.556Z", dateReserved: "2024-10-31T08:33:14.823Z", dateUpdated: "2024-11-13T15:14:17.114Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-11-13 05:15
Modified
2024-11-19 17:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on
the network and potentially impacting connected devices.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | ecostruxure_it_gateway | 1.21.0.6 | |
| schneider-electric | ecostruxure_it_gateway | 1.22.0.3 | |
| schneider-electric | ecostruxure_it_gateway | 1.22.1.5 | |
| schneider-electric | ecostruxure_it_gateway | 1.23.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:1.21.0.6:*:*:*:*:*:*:*", matchCriteriaId: "B416D9C9-F5FE-4837-AD8D-99A02B61F61E", vulnerable: true, }, { criteria: "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:1.22.0.3:*:*:*:*:*:*:*", matchCriteriaId: "95F485CD-6B41-47EA-9F89-8BF8822893A3", vulnerable: true, }, { criteria: "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:1.22.1.5:*:*:*:*:*:*:*", matchCriteriaId: "6BA248E9-160E-46B5-BE1B-DB2B79D50746", vulnerable: true, }, { criteria: "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:1.23.0.4:*:*:*:*:*:*:*", matchCriteriaId: "A6FB2D5E-ACF8-4582-A3C6-E0F099A9442C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on\nthe network and potentially impacting connected devices.", }, { lang: "es", value: "CWE-862: Existe una vulnerabilidad de autorización faltante que podría causar acceso no autorizado cuando se habilita en la red y potencialmente afectar los dispositivos conectados.", }, ], id: "CVE-2024-10575", lastModified: "2024-11-19T17:28:06.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "cybersecurity@se.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 10, baseSeverity: "CRITICAL", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "HIGH", subConfidentialityImpact: "HIGH", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cybersecurity@se.com", type: "Secondary", }, ], }, published: "2024-11-13T05:15:11.233", references: [ { source: "cybersecurity@se.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf", }, ], sourceIdentifier: "cybersecurity@se.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "cybersecurity@se.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-12 18:15
Modified
2024-11-21 08:47
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege
escalation when logged in as a non-administrative user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | ecostruxure_it_gateway | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2DEDCABF-3AD9-4627-BA56-019AAF0D0062", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege\nescalation when logged in as a non-administrative user.", }, { lang: "es", value: "CWE-798: Existe una vulnerabilidad en el uso de credenciales codificadas que podría provocar una escalada de privilegios locales al iniciar sesión como usuario no administrativo.", }, ], id: "CVE-2024-0865", lastModified: "2024-11-21T08:47:32.170", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "cybersecurity@se.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-12T18:15:10.620", references: [ { source: "cybersecurity@se.com", tags: [ "Vendor Advisory", ], url: "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf", }, ], sourceIdentifier: "cybersecurity@se.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "cybersecurity@se.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-14 16:15
Modified
2024-11-21 04:55
Severity ?
Summary
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/ICSA2012601 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/ICSA2012601 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fazecast | jserialcomm | * | |
| schneider-electric | ecostruxure_it_gateway | * | |
| schneider-electric | ecostruxure_it_gateway | * | |
| schneider-electric | ecostruxure_it_gateway | 1.7.0.64 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fazecast:jserialcomm:*:*:*:*:*:*:*:*", matchCriteriaId: "80603734-EA55-4B86-B24E-2DE775E6067A", versionEndIncluding: "2.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E4A11B09-BD0A-424E-91F7-47B9A1BC8A39", versionEndIncluding: "1.5.2.28", versionStartIncluding: "1.5.0.66", vulnerable: true, }, { criteria: "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "C26B65FF-5513-4F91-ABE0-456830E874A8", versionEndIncluding: "1.6.2.14", versionStartIncluding: "1.6.0.39", vulnerable: true, }, { criteria: "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:1.7.0.64:*:*:*:*:*:*:*", matchCriteriaId: "6446688E-74B1-4B24-8D4B-F774F22CD9A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.", }, { lang: "es", value: "En Fazecast jSerialComm, Versión 2.2.2 y anteriores, una vulnerabilidad de elemento de ruta de búsqueda no controlada podría permitir que un archivo DLL malicioso, con el mismo nombre de cualquiera de las DLL residentes dentro de la instalación del software, ejecute código arbitrario.", }, ], id: "CVE-2020-10626", lastModified: "2024-11-21T04:55:43.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-14T16:15:12.530", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/ICSA2012601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/ICSA2012601", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-427", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-427", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }