Overview
- Description
- An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.
- Source
- ot-cert@dragos.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.3
- Impact score
- 5.9
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE266C92-959F-41CE-A8DA-DC3D336BC169",
"versionEndIncluding": "6.14.263.0",
"versionStartIncluding": "6.0.2107.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99455409-195C-418C-A227-E9C67E70C2F3",
"versionEndIncluding": "6.14.263.0",
"versionStartIncluding": "6.8"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10F80877-E2FA-4800-B4EB-BC87E35A9441",
"versionEndIncluding": "8.5",
"versionStartIncluding": "8.0"
}
],
"operator": "OR"
}
]
}
]