Path traversal

2020-05-1416:15:00

PRIOn knowledge base

www.prio-n.com

0.002 Low

EPSS

Percentile

52.1%

JSON

In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.

CPENameOperatorVersion
jserialcommle2.2.2
ecostruxure_it_gatewayeq1.7.0.64
ecostruxure_it_gatewayge1.6.0.39
ecostruxure_it_gatewayle1.6.2.14
ecostruxure_it_gatewayge1.5.0.66
ecostruxure_it_gatewayle1.5.2.28

Name	Operator	Version
jserialcomm	le	2.2.2
ecostruxure_it_gateway	eq	1.7.0.64
ecostruxure_it_gateway	ge	1.6.0.39
ecostruxure_it_gateway	le	1.6.2.14
ecostruxure_it_gateway	ge	1.5.0.66
ecostruxure_it_gateway	le	1.5.2.28

References

www.us-cert.gov/ics/advisories/ICSA2012601

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for PRION:CVE-2020-10626