Sign-up

ID

VAR-201708-1588


TITLE

Schneider Electric Trio TView Software has dll hijacking vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-22083

DESCRIPTION

Schneider Electric Trio TView Software is a virtual diagnostic software. Schneider Electric Trio TView Software has a dll hijacking vulnerability. The vulnerability is caused by the failure to specify an absolute path for the DLL included in the Trio TView Software application, allowing an attacker to use the vulnerability to build a malicious application, place it in a specific path, and cause the application to maliciously load the DLL and execute it

Trust: 0.72

sources: CNVD: CNVD-2017-22083 // IVD: da372439-ebd6-4bd6-88ba-bea3d920244a

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: da372439-ebd6-4bd6-88ba-bea3d920244a // CNVD: CNVD-2017-22083

AFFECTED PRODUCTS

vendor:schneidermodel:electric trio tview softwarescope:eqversion:3.29.0

Trust: 0.8

sources: IVD: da372439-ebd6-4bd6-88ba-bea3d920244a // CNVD: CNVD-2017-22083

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-22083
value: MEDIUM

Trust: 0.6

IVD: da372439-ebd6-4bd6-88ba-bea3d920244a
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2017-22083
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: da372439-ebd6-4bd6-88ba-bea3d920244a
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: da372439-ebd6-4bd6-88ba-bea3d920244a // CNVD: CNVD-2017-22083

TYPE

Code injection

Trust: 0.2

sources: IVD: da372439-ebd6-4bd6-88ba-bea3d920244a

EXTERNAL IDS

db:CNVDid:CNVD-2017-22083

Trust: 0.8

db:IVDid:DA372439-EBD6-4BD6-88BA-BEA3D920244A

Trust: 0.2

sources: IVD: da372439-ebd6-4bd6-88ba-bea3d920244a // CNVD: CNVD-2017-22083

SOURCES

db:IVDid:da372439-ebd6-4bd6-88ba-bea3d920244a
db:CNVDid:CNVD-2017-22083

LAST UPDATE DATE

2022-05-17T02:08:03.891000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-22083date:2017-09-05T00:00:00

SOURCES RELEASE DATE

db:IVDid:da372439-ebd6-4bd6-88ba-bea3d920244adate:2017-08-21T00:00:00
db:CNVDid:CNVD-2017-22083date:2017-09-23T00:00:00