The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in an uncontrolled element of the loading process for DLL libraries. This allows a hacker to execute arbitrary code.

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in an uncontrolled element of the loading process when libraries of DLL files are loaded. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...

Input validation

Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is...

CVE-2020-6785

This CVE (CVE-2020-6785) describes a code execution vulnerability in Bosch BVMS and BVMS Viewer via Loading a DLL through an Uncontrolled Search Path Element. Affected are BVMS versions 10.1.0, 10.0.1, 10.0.0, 9.0.0 and older, including BVMS installers and installed BVMS, plus related DIVAR IP pr...

CVE-2020-6771

Bosch IP Helper (industrial control tool) is affected by CVE-2020-6771 due to an Uncontrolled Search Path Element when loading DLLs. Versions up to 1.00.0008 are affected. The vulnerability requires the victim to place a malicious DLL in the same directory as the portable IP Helper application, e...

Design/Logic Flaw

Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by...