Use After Free Vulnerability in Zelio Soft 2 by Schneider Electric
CVE-2018-7817

7.8HIGH

Key Information:

Vendor
Schneider Electric
Status
Zelio Soft 2 V5.1 And Prior Versions
Vendor
CVE Published:
6 February 2019

Summary

A Use After Free vulnerability exists in Zelio Soft 2 versions up to v5.1, which allows attackers to exploit the software by opening a specially crafted project file. This vulnerability can lead to remote code execution, posing significant security risks to affected systems. Users are advised to upgrade to the latest version to mitigate potential threats.

Affected Version(s)

Zelio Soft 2 v5.1 and prior Zelio Soft 2 v5.1 and prior versions

References

http://www.securityfocus.com/bid/106481
vdb-entryx_refsource_BID
https://www.schneider-electric.com/en/download/document/S...
x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-19-008-01
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.