fkie_nvd - fkie_cve-2018-7239

fkie_cve-2018-7239

Vulnerability from fkie_nvd

Published

2018-03-09 23:29

Modified

2024-11-21 04:11

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.

References

URL	Tags
cybersecurity@se.com	http://www.securityfocus.com/bid/103338	Third Party Advisory, VDB Entry
cybersecurity@se.com	https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02	Third Party Advisory, US Government Resource
cybersecurity@se.com	https://www.schneider-electric.com/en/download/document/SEVD-2018-060-01/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103338	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/en/download/document/SEVD-2018-060-01/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	atv_lift_dtm	*
schneider-electric	atv12_dtm	*
schneider-electric	atv212_dtm	*
schneider-electric	atv31_dtm	*
schneider-electric	atv312_dtm	*
schneider-electric	atv32_dtm	*
schneider-electric	atv320_dtm	*
schneider-electric	atv340_dtm	*
schneider-electric	atv600_dtm	*
schneider-electric	atv61_dtm	*
schneider-electric	atv71_dtm	*
schneider-electric	atv900_dtm	*
schneider-electric	somove	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv_lift_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0F8212-5CC6-4EB7-9F37-4587FC849A54",
              "versionEndExcluding": "12.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv12_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70DDF782-E80B-41A6-88F0-52D3BCCD0BE6",
              "versionEndExcluding": "12.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv212_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9E382F-DBB4-4B24-81C7-EE33B5248935",
              "versionEndExcluding": "12.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv31_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2429408E-48C9-4F97-A918-4DDECF6A7AB2",
              "versionEndExcluding": "12.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv312_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D79762-E0D3-4DB9-8DD8-AE6A93953411",
              "versionEndExcluding": "12.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv32_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC70CB2D-2AA8-40EC-97BC-0527D5F100ED",
              "versionEndExcluding": "12.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv320_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D1862C8-5571-4DAC-B9F0-96DC3F2F846F",
              "versionEndExcluding": "1.1.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv340_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB77B51C-CA0B-4C6E-91D2-41C450C6214E",
              "versionEndExcluding": "1.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv600_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8C39E7-A682-4453-945F-D1DFC9418A7C",
              "versionEndExcluding": "1.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv61_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "988EB546-BB63-4DEF-800E-5C5A3C796163",
              "versionEndExcluding": "12.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv71_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "848353C2-B49E-4B88-A57A-C783BF47C84C",
              "versionEndExcluding": "12.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:atv900_dtm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BA8B718-4947-41FE-9DDC-DA3AB85992B3",
              "versionEndExcluding": "1.3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:somove:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD8AD349-3536-4244-8D10-D860A5A7F1FF",
              "versionEndExcluding": "2.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A DLL hijacking vulnerability exists in Schneider Electric\u0027s SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de secuestro de DLL en SoMove Software de Schneider Electric y en los componentes de software DTM asociados, en todas las versiones anteriores a la 2.6.2. Esto podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2018-7239",
  "lastModified": "2024-11-21T04:11:51.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-09T23:29:00.967",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103338"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-060-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-060-01/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2018-7239

Vulnerability from cvelistv5

Published

2018-03-09 23:00

Modified

2024-09-16 23:21