Siemens RUGGEDCOM ROX, SIMATIC S7-1500 Uncontrolled Search Path Element (CVE-2019-5443)
A non-privileged user or program can put code and a config file in a known non-privileged path under C:/usr/local/ that will make curl = 7.65.1 automatically run the code as an openssl engine on invocation. If that curl is invoked by a privileged user it can do anything it wants. This plugin only...