CVE-2018-13012

Published: Jun 29, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update server.

Affected (3)

Products: Safensoft: Softcontrol Enterprise Suite, Softcontrol Syswatch, Softcontrol Tpsecure

3 products

Softcontrol Enterprise Suite

Softcontrol Syswatch

Softcontrol Tpsecure

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Safensoft Softcontrol Enterprise Suite	Before 4.4.12
Safensoft Softcontrol Syswatch	Before 4.4.12
Safensoft Softcontrol Tpsecure	Before 4.4.12

Related CWEs

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (2)

http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-5

Source: cve@mitre.org

Vendor Advisory

http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-5

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.