Lucene search

SiemensCVELIST:CVE-2020-25244

HistoryApr 22, 2021 - 8:42 p.m.

CVE-2020-25244

2021-04-2220:42:19

CWE-427

siemens

www.cve.org

vulnerability

logo! soft comfort

dll hijacking

local attacker

system takeover

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). The software insecurely loads libraries which makes it vulnerable to DLL hijacking.
Successful exploitation by a local attacker could lead to a takeover of the system
where the software is installed.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "LOGO! Soft Comfort",
    "versions": [
      {
        "version": "All versions < V8.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2020-25244