Main Vulnerability Database Vulnerabilities #VU18643

#VU18643 Untrusted search path in Network Configurator for DeviceNet - CVE-2019-10971

Published: May 30, 2019

Vulnerability identifier: #VU18643

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-10971

CWE-ID: CWE-426

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Network Configurator for DeviceNet

Software vendor:
Omron

Description

The vulnerability allows a remote attacker to gain access to data files or modify configuration.

The vulnerability exists due to executed malicious .dll file passed via untrusted search path. A remote attacker can modify search path to point to a malicious program in order to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-19-134-01