CVE-2024-1595 - OpenCVE

Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-053-01

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2024-02-29T19:16:08.644Z

Updated: 2024-02-29T19:16:08.644Z

Reserved: 2024-02-16T21:56:56.319Z

Link: CVE-2024-1595

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-02-29T20:15:41.227

Modified: 2024-03-01T14:04:26.010

Link: CVE-2024-1595

JSON object: View

Redhat Information

No data.

CWE

CWE-427

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-1595", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-02-16T21:56:56.319Z", "datePublished": "2024-02-29T19:16:08.644Z", "dateUpdated": "2024-02-29T19:16:08.644Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CNCSoft-B v1.0.0.4 DOPSoft", "vendor": "Delta Electronics", "versions": [{"lessThan": "v4.0.0.82", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Delta Electronics reported this vulnerability to CISA."}], "datePublic": "2024-02-22T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82</span><span style=\"background-color: rgb(255, 255, 255);\">\n\n insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.</span>\n\n"}], "value": "Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82\n\n insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-02-29T19:16:08.644Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-053-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users upgrade to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&q=cncsoft&sort_expr=cdate&sort_dir=DESC\">CNCSoft-B v1.0.0.4</a><span style=\"background-color: rgb(255, 255, 255);\">, which includes DOPSoft v4.0.0.94.</span>\n\n<br>"}], "value": "\nDelta recommends users upgrade to CNCSoft-B v1.0.0.4 https://downloadcenter.deltaww.com/en-US/DownloadCenter , which includes DOPSoft v4.0.0.94.\n\n\n"}], "source": {"discovery": "INTERNAL"}, "title": "Delta Electronics CNCSoft-B DOPSoft Uncontrolled Search Path Element", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}