CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3940
https://notcve.org/view.php?id=CVE-2015-3940
Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Vulnerabilidad de ruta de búsqueda no confiable en Schneider Electric Wonderware System Platform en versiones anteriores a 2014 R2 Patch 01, permite a usuarios locales obtener privilegios a través de un Troyano DLL en un directorio no especificado. • http://iom.invensys.com/EN/pdfLibrary/Security_Bulletin_LFSEC00000106.pdf http://www.securityfocus.com/bid/75297 http://www.securitytracker.com/id/1033179 http://www.securitytracker.com/id/1033180 https://ics-cert.us-cert.gov/advisories/ICSA-15-169-02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •