DLL Hijacking Vulnerability in Schneider Electric's SoMove Software
CVE-2018-7239

7.8HIGH

Key Information:

Vendor
Schneider Electric
Status
Somove
Vendor
CVE Published:
9 March 2018

Summary

A vulnerability exists in Schneider Electric's SoMove Software and its associated DTM software components, allowing attackers to exploit DLL hijacking techniques. This flaw affects all versions prior to 2.6.2, enabling unauthorized execution of arbitrary code, which poses significant risks to system integrity and security. Organizations using affected software should prioritize updating to the latest version to mitigate potential threats.

Affected Version(s)

SoMove

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02
x_refsource_MISC
https://www.schneider-electric.com/en/download/document/S...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103338
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.