CVE-2019-6825
HIGHProClima < 8.0.0 - Uncontrolled Search Path Element via Malicious DLL Execution
Title source: llmDescription
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/
Scores
CVSS v3
7.8
EPSS
0.0049
EPSS Percentile
65.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
schneider-electric/proclima
< 8.0.0
Published
Jul 15, 2019
Tracked Since
Feb 18, 2026