CVE-2019-10924

 

  • Severity Score: 7.8 (CVSS v3.1)

  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated project file. No further privileges are required on the target system. The vulnerability could compromise the confidentiality, integrity and availability of the engineering station. At the time of advisory publication no public exploitation of this security vulnerability was known.


*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-04-08 CVE Reserved
  • 2019-05-14 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-10-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-502: Deserialization of Untrusted Data
Affected Vendors, Products, and Versions
  • Vendor: Siemens
  • Product: Logo! Soft Comfort
  • Version: < 8.3
  • Other: -
  • Status: Affected