CVE-2019-6822
HIGHZelio Soft 2 <= 5.2 - Remote Code Execution via Crafted Project File
Title source: llmDescription
A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.
References (4)
Core 4
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/109100
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-658/
Vendor Advisory x_refsource_misc
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-01
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-190-03
Scores
CVSS v3
7.8
EPSS
0.0085
EPSS Percentile
75.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
schneider-electric/zelio_soft_2
< 5.2
Published
Jul 15, 2019
Tracked Since
Feb 18, 2026