CVE-2018-14797
 
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.
En Emerson DeltaV DCS en versiones 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 permite que se coloque un archivo DLL especialmente manipulado en la ruta de búsqueda y que se cargue como un DLL interno válido, lo que podría provocar la ejecución arbitraria de código.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-08-01 CVE Reserved
- 2018-08-23 CVE Published
- 2024-01-14 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/105105 | Third Party Advisory | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Emerson Search vendor "Emerson" | Deltav Search vendor "Emerson" for product "Deltav" | 11.3.1 Search vendor "Emerson" for product "Deltav" and version "11.3.1" | - |
Affected
| ||||||
Emerson Search vendor "Emerson" | Deltav Search vendor "Emerson" for product "Deltav" | 12.3.1 Search vendor "Emerson" for product "Deltav" and version "12.3.1" | - |
Affected
| ||||||
Emerson Search vendor "Emerson" | Deltav Search vendor "Emerson" for product "Deltav" | 13.3.0 Search vendor "Emerson" for product "Deltav" and version "13.3.0" | - |
Affected
| ||||||
Emerson Search vendor "Emerson" | Deltav Search vendor "Emerson" for product "Deltav" | 13.3.1 Search vendor "Emerson" for product "Deltav" and version "13.3.1" | - |
Affected
| ||||||
Emerson Search vendor "Emerson" | Deltav Search vendor "Emerson" for product "Deltav" | r5 Search vendor "Emerson" for product "Deltav" and version "r5" | - |
Affected
|