CVE-2018-7239

Published Mar 9, 2018

Last updated 3 days ago

CVSS high 7.8

Overview

Description: A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.
Source: cybersecurity@se.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-426

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv_lift_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F0F8212-5CC6-4EB7-9F37-4587FC849A54",
            "versionEndExcluding": "12.7.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv12_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70DDF782-E80B-41A6-88F0-52D3BCCD0BE6",
            "versionEndExcluding": "12.7.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv212_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A9E382F-DBB4-4B24-81C7-EE33B5248935",
            "versionEndExcluding": "12.7.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv31_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2429408E-48C9-4F97-A918-4DDECF6A7AB2",
            "versionEndExcluding": "12.7.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv312_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44D79762-E0D3-4DB9-8DD8-AE6A93953411",
            "versionEndExcluding": "12.7.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv32_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC70CB2D-2AA8-40EC-97BC-0527D5F100ED",
            "versionEndExcluding": "12.7.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv320_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D1862C8-5571-4DAC-B9F0-96DC3F2F846F",
            "versionEndExcluding": "1.1.6"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv340_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB77B51C-CA0B-4C6E-91D2-41C450C6214E",
            "versionEndExcluding": "1.2.3"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv600_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE8C39E7-A682-4453-945F-D1DFC9418A7C",
            "versionEndExcluding": "1.8.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv61_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "988EB546-BB63-4DEF-800E-5C5A3C796163",
            "versionEndExcluding": "12.7.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv71_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "848353C2-B49E-4B88-A57A-C783BF47C84C",
            "versionEndExcluding": "12.7.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:atv900_dtm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BA8B718-4947-41FE-9DDC-DA3AB85992B3",
            "versionEndExcluding": "1.3.5"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:somove:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD8AD349-3536-4244-8D10-D860A5A7F1FF",
            "versionEndExcluding": "2.6.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References