Description
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/ICSA2012601
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
20.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (3)
fazecast/jserialcomm
< 2.2.2
schneider-electric/ecostruxure_it_gateway
1.7.0.64
schneider-electric/ecostruxure_it_gateway
1.5.0.66 - 1.5.2.28
Published
May 14, 2020
Tracked Since
Feb 18, 2026