CVE-2020-7474
HIGHProSoft Configurator < 1.002 - Untrusted Code Execution via DLL Search Path
Title source: llmDescription
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2020-042-01/
Scores
CVSS v3
7.8
EPSS
0.0015
EPSS Percentile
35.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
schneider-electric/pmepxm0100_prosoft_configurator
< 1.002
Published
Mar 23, 2020
Tracked Since
Feb 18, 2026