First published: Fri Nov 02 2018(Updated: )
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Software Update Utility | <2.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this DLL hijacking vulnerability in Schneider Electric Software Update (SESU) is CVE-2018-7799.
The severity rating of CVE-2018-7799 is critical with a value of 7.8.
All versions prior to V2.2.0 of Schneider Electric Software Update (SESU) are affected by CVE-2018-7799.
An attacker can execute arbitrary code on the targeted system by placing a specific DLL file.
More information about CVE-2018-7799 can be found at the following references: [1](http://www.securityfocus.com/bid/105951), [2](https://ics-cert.us-cert.gov/advisories/ICSA-18-305-02), [3](https://www.schneider-electric.com/en/download/document/SEVD-2018-298-01/).