DLL Hijacking Vulnerability in Schneider Electric Software Update
CVE-2018-7799

7.8HIGH

Key Information:

Vendor

Schneider Electric
Status
Schneider Electric Software Update (sesu), All Versions Prior To V2.2.0
Vendor
CVE Published:
2 November 2018

What is CVE-2018-7799?

A DLL hijacking vulnerability exists in Schneider Electric Software Update, which affects all versions prior to V2.2.0. This vulnerability allows an attacker to execute arbitrary code on a targeted system if they successfully place a malicious DLL file in a specific location. Exploiting this vulnerability could lead to serious security issues, making it essential for users to update to the latest version to mitigate risks.

Affected Version(s)

Schneider Electric Software Update (SESU), all prior to V2.2.0 Schneider Electric Software Update (SESU), all versions prior to V2.2.0

References

http://www.securityfocus.com/bid/105951
vdb-entryx_refsource_BID
https://www.schneider-electric.com/en/download/document/S...
x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-18-305-02
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.