1 results (0.003 seconds)
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25245
https://notcve.org/view.php?id=CVE-2020-25245
A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM. Se ha identificado una vulnerabilidad en DIGSI 4 (Todas las versiones anteriores a V4.94 SP1 HF 1). Los usuarios normales pueden escribir varias carpetas en el %PATH%. • https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-040-10 • CWE-276: Incorrect Default Permissions •