CVE-2020-10626

Published: May 14, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.

Affected (4)

Products: Fazecast: Jserialcomm · Schneider Electric: Ecostruxure It Gateway

Fazecast

1 product

Jserialcomm

Schneider Electric

1 product

Ecostruxure It Gateway

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fazecast Jserialcomm	Up to 2.2.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ecostruxure It Gateway	From 1.5.0.66 to 1.5.2.28
Schneider Electric Ecostruxure It Gateway	From 1.6.0.39 to 1.6.2.14
Schneider Electric Ecostruxure It Gateway	Version 1.7.0.64

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://www.us-cert.gov/ics/advisories/ICSA2012601

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/ICSA2012601

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.