CVE-2018-14812
First published: Wed Oct 24 2018(Updated: )
An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fujielectric Energy Savings Estimator | =1.0.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-14812?
CVE-2018-14812 is classified as a medium severity vulnerability due to its potential for DLL hijacking.
How do I fix CVE-2018-14812?
To mitigate CVE-2018-14812, upgrade to the latest version of Fuji Electric Energy Savings Estimator that addresses this vulnerability.
Which versions are affected by CVE-2018-14812?
CVE-2018-14812 affects Fuji Electric Energy Savings Estimator version 1.0.2.0 and earlier.
What type of attack is possible through CVE-2018-14812?
CVE-2018-14812 allows for DLL hijacking, which can lead to unauthorized system access with the application’s privileges.
Is CVE-2018-14812 exploitable remotely?
CVE-2018-14812 requires local access for exploitation, as it relies on an uncontrolled search path element.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/fujielectric
- canonical/fujielectric energy savings estimator
- version/fujielectric energy savings estimator/1.0.2.0