Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for SESU by Schneider Electric

    CVE-2025-5296 (GCVE-0-2025-5296)

    Vulnerability from nvd – Published: 2025-08-18 07:22 – Updated: 2025-08-18 12:22
    VLAI
    Summary
    CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Schneider Electric SESU Affected: Versions prior to v3.0.12
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-18T12:22:15.242244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-18T12:22:22.123Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SESU",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to v3.0.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability exists that could cause \narbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file \ncorruption, exposure of application and system information or persistent denial of service when a low-privileged \nattacker tampers with the installation folder.\n\n\u003cbr\u003e"
                }
              ],
              "value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability exists that could cause \narbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file \ncorruption, exposure of application and system information or persistent denial of service when a low-privileged \nattacker tampers with the installation folder."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T07:22:05.013Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-224-03.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2025-5296",
        "datePublished": "2025-08-18T07:22:05.013Z",
        "dateReserved": "2025-05-28T06:06:42.804Z",
        "dateUpdated": "2025-08-18T12:22:22.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-5296 (GCVE-0-2025-5296)

    Vulnerability from cvelistv5 – Published: 2025-08-18 07:22 – Updated: 2025-08-18 12:22
    VLAI
    Summary
    CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Schneider Electric SESU Affected: Versions prior to v3.0.12
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-18T12:22:15.242244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-18T12:22:22.123Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SESU",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to v3.0.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability exists that could cause \narbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file \ncorruption, exposure of application and system information or persistent denial of service when a low-privileged \nattacker tampers with the installation folder.\n\n\u003cbr\u003e"
                }
              ],
              "value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability exists that could cause \narbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file \ncorruption, exposure of application and system information or persistent denial of service when a low-privileged \nattacker tampers with the installation folder."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T07:22:05.013Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-224-03.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2025-5296",
        "datePublished": "2025-08-18T07:22:05.013Z",
        "dateReserved": "2025-05-28T06:06:42.804Z",
        "dateUpdated": "2025-08-18T12:22:22.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201811-0562

    Vulnerability from variot - Updated: 2024-11-23 22:58

    A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. Schneider Electric Software Update (SESU) Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Software Update (SESU) is a Schneider software update tool from Schneider Electric of France. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0562",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "software update utility",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "2.2.0"
          },
          {
            "model": "software update",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2.2.0"
          },
          {
            "model": "electric sesu",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "2.2.0"
          },
          {
            "model": "software update utility",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "1.0.13"
          },
          {
            "model": "software update utility",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "1.1"
          },
          {
            "model": "software update utility",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "1.0"
          },
          {
            "model": "sesu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "1.1"
          },
          {
            "model": "sesu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "1.0"
          },
          {
            "model": "sesu",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "2.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "update utility",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          },
          {
            "db": "BID",
            "id": "105951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7799"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:software_update_utility",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "105951"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7799",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-7799",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-45186",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-137831",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-7799",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7799",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7799",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-45186",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-021",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137831",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137831"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7799"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. Schneider Electric Software Update (SESU) Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Software Update (SESU) is a Schneider software update tool from Schneider Electric of France. \nA remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          },
          {
            "db": "BID",
            "id": "105951"
          },
          {
            "db": "IVD",
            "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137831"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7799",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-305-02",
            "trust": 3.4
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2018-298-01",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "105951",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-021",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-331-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012686",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "CCD6AC8F-D56B-4304-80F4-3C0885CD4A1C",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-98848",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-98862",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-137831",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137831"
          },
          {
            "db": "BID",
            "id": "105951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7799"
          }
        ]
      },
      "id": "VAR-201811-0562",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137831"
          }
        ],
        "trust": 1.8166666500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:58:49.414000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SEVD-2018-298-01",
            "trust": 0.8,
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-298-01/"
          },
          {
            "title": "Patch for Schneider Electric Software Update DLL Hijacking Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/193953"
          },
          {
            "title": "Schneider Electric Software Update Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86567"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-021"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-427",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137831"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7799"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-305-02"
          },
          {
            "trust": 1.7,
            "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-298-01/"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/105951"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7799"
          },
          {
            "trust": 0.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-331-01"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7799"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/products/ww/en/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137831"
          },
          {
            "db": "BID",
            "id": "105951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7799"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137831"
          },
          {
            "db": "BID",
            "id": "105951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7799"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-13T00:00:00",
            "db": "IVD",
            "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
          },
          {
            "date": "2019-12-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          },
          {
            "date": "2018-11-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137831"
          },
          {
            "date": "2018-11-01T00:00:00",
            "db": "BID",
            "id": "105951"
          },
          {
            "date": "2019-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          },
          {
            "date": "2018-11-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-021"
          },
          {
            "date": "2018-11-02T17:29:00.773000",
            "db": "NVD",
            "id": "CVE-2018-7799"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          },
          {
            "date": "2018-12-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137831"
          },
          {
            "date": "2018-11-01T00:00:00",
            "db": "BID",
            "id": "105951"
          },
          {
            "date": "2019-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012686"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-021"
          },
          {
            "date": "2024-11-21T04:12:45.457000",
            "db": "NVD",
            "id": "CVE-2018-7799"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-021"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Software Update DLL Hijacking vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "ccd6ac8f-d56b-4304-80f4-3c0885cd4a1c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-45186"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-021"
          }
        ],
        "trust": 0.6
      }
    }