Vulnerability Details : CVE-2018-7239
A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.
Vulnerability category: File inclusion, Execute code
Products affected by CVE-2018-7239
- cpe:2.3:a:schneider-electric:somove:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv32_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv71_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv61_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv_lift_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv340_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv900_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv31_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv212_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv320_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv600_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv312_dtm:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:atv12_dtm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7239
- 0.26%: Probability of exploitation activity in the next 30 days
- ~65%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7239
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2018-7239
- The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7239
- http://www.securityfocus.com/bid/103338
  Multiple Schneider Electric Products CVE-2018-7239 DLL Loading Local Code Execution Vulnerability (Third Party Advisory; VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02
  Schneider Electric SoMove Software and DTM Software Components | CISA (Third Party Advisory; US Government Resource)
- https://www.schneider-electric.com/en/download/document/SEVD-2018-060-01/
  Security Notification - SoMove | Schneider Electric (Vendor Advisory)