CVE-2018-7239

HIGH

Schneider Electric SoMove and DTM Software < 2.6.2 - DLL Hijacking

Title source: llm
STIX 2.1

Description

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.

References (3)

Core 3
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103338

Scores

CVSS v3 7.8
EPSS 0.0046
EPSS Percentile 64.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-426
Status published
Products (13)
schneider-electric/atv12_dtm < 12.7.0
schneider-electric/atv212_dtm < 12.7.0
schneider-electric/atv312_dtm < 12.7.0
schneider-electric/atv31_dtm < 12.7.0
schneider-electric/atv320_dtm < 1.1.6
schneider-electric/atv32_dtm < 12.7.0
schneider-electric/atv340_dtm < 1.2.3
schneider-electric/atv600_dtm < 1.8.0
schneider-electric/atv61_dtm < 12.7.0
schneider-electric/atv71_dtm < 12.7.0
... and 3 more
Published Mar 09, 2018
Tracked Since Feb 18, 2026