A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. Schneider Electric Software Update (SESU) is installed by the following Schneider Electric software: Acti 9 Smart Test, AltivarATV320DtmLibrary, AltivarDTMLibrary, AltivarMachine340DTMLibrary, AltivarProcessATV6xxDTMLibrary, AltivarProcessATV9xxDTMLibrary, Blue, CompactNSX Firmware Update, Ecodial Advance Calculation, eConfigure, Ecoreach Software, EcoStruxure Modicon Builder, eXLhoist Configuration Software, Lexium 26 DTM Library, Lexium 28 DTM Library, Lexium 32 DTM Library, LV Motor Starter, PowerSCADA Expert, Schneider Electric Floating License Manager, Schneider Electric License Manager, Schneider Electric Motion Sizer, Schneider Electric SQL Gateway, SoMachine Basic, SoMachine Motion Software, SoMachine Motion Tools V4.3, SoMachine Software, SoMove, SoSafe Configurable, SoSafe Programmable V2.1, TeSysDTM, Unity Loader, Unity Pro, Vijeo Citect, Vijeo Designer, Vijeo Designer Opti 6.1, Vijeo XD, Web Gate Client Files

Source: CVE-2018-7799

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.