← Back

CVE-2018-7239

nvd nist
Published: Mar 9, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.

Affected (13)

Schneider Electric
13 products
Atv12 Dtm
Atv212 Dtm
Atv312 Dtm
Atv31 Dtm
Atv320 Dtm
Atv32 Dtm
Atv340 Dtm
Atv600 Dtm
Atv61 Dtm
Atv71 Dtm
Atv900 Dtm
Atv Lift Dtm
Somove
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Atv12 Dtm
Before 12.7.0
Atv212 Dtm
Before 12.7.0
Atv312 Dtm
Before 12.7.0
Atv31 Dtm
Before 12.7.0
Atv320 Dtm
Before 1.1.6
Atv32 Dtm
Before 12.7.0
Atv340 Dtm
Before 1.2.3
Atv600 Dtm
Before 1.8.0
Atv61 Dtm
Before 12.7.0
Atv71 Dtm
Before 12.7.0
Atv900 Dtm
Before 1.3.5
Atv Lift Dtm
Before 12.7.0
Somove
Before 2.6.2

Related CWEs

CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (6)

Source: cybersecurity@se.com
Third Party AdvisoryVDB Entry
Source: cybersecurity@se.com
Third Party AdvisoryUS Government Resource
Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.