Description
An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101483
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01
Scores
CVSS v3
6.7
EPSS
0.0041
EPSS Percentile
32.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-428
Status
published
Products (2)
n/a/Progea Movicon SCADA/HMI
Progea Movicon SCADA/HMI
progea/movicon
11.5.1181
Published
Oct 19, 2017
Tracked Since
Feb 18, 2026