CVE-2019-6825

{"id": "CVE-2019-6825", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-07-15T21:15:10.790", "references": [{"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-427"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0."}, {"lang": "es", "value": "Una CWE-427: Existe una vulnerabilidad de Elemento de Ruta (Path) de B\u00fasqueda No Controlada en ProClima (todas las versiones anteriores a la versi\u00f3n 8.0.0), que podr\u00eda permitir un archivo DLL malicioso, con el mismo nombre de cualquier DLL residente dentro de la instalaci\u00f3n del software, para ejecutar c\u00f3digo arbitrario en todas las versiones de ProClima anteriores a la versi\u00f3n 8.0.0."}], "lastModified": "2024-11-21T04:47:13.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C7BB1CA-CCED-4EC9-81F4-16633561E4CF", "versionEndExcluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}