Malicious File Could Lead to Code Execution, DoS, and Loss of Confidentiality & Integrity
CVE-2024-8422

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Zelio Soft 2
Vendor: CVE Published:; 8 October 2024

Summary

A Use After Free vulnerability exists in Schneider Electric's Zelio Soft 2 software. When a user opens a malicious Zelio Soft 2 project file, it may result in arbitrary code execution, denial of service, and potential loss of confidentiality and integrity. This vulnerability poses significant risks to users who may unknowingly open compromised files, highlighting the critical need for security measures and timely updates.

Affected Version(s)

Zelio Soft 2 Versions prior to 5.4.2.2

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 4, 2024

Collectors

NVD DatabaseMitre Database