Main Vulnerability Database SB2019053009

SB2019053009 - Untrusted search path in Omron Network Configurator for DeviceNet

Published: May 30, 2019

Security Bulletin ID SB2019053009

CSH Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Untrusted search path (CVE-ID: CVE-2019-10971)

CWE-ID: CWE-426 - Untrusted Search Path

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to gain access to data files or modify configuration.

The vulnerability exists due to executed malicious .dll file passed via untrusted search path. A remote attacker can modify search path to point to a malicious program in order to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-134-01