漏洞标题
新杰XD/E系列PLC程序工具DLL劫持
漏洞描述信息
新杰XD/E系列PLC编程工具DLL劫持
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
XINJE XD/E Series PLC Program Tool DLL Hijacking
漏洞描述信息
A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
漏洞类别
对搜索路径元素未加控制
漏洞标题
XINJE XD/E Series PLC Program Tool 代码问题漏洞
漏洞描述信息
XINJE XD/E Series PLC Program Tool是中国信捷(XINJE)公司的一种编程软件。 XINJE XD/E Series PLC Program Tool 3.5.1版本及之前版本存在安全漏洞。本地攻击者利用该漏洞可加载恶意 DLL。
CVSS信息
N/A
漏洞类别
代码问题