// For flags

CVE-2024-6618

Path Traversal in Ocean Data Systems Dream Report

Severity Score

8.5
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL).

*Credits: Claroty Team82 reported these vulnerabilities to CISA.
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
High
None
Availability
High
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-07-09 CVE Reserved
  • 2024-08-13 CVE Published
  • 2024-08-14 EPSS Updated
  • 2024-08-20 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL Tag Source
https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08 Government Resource
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ocean Data Systems
Search vendor "Ocean Data Systems"
 Dream Report 2023
Search vendor "Ocean Data Systems" for product "Dream Report 2023"
 <= 23.0.17795.1010
Search vendor "Ocean Data Systems" for product "Dream Report 2023" and version " <= 23.0.17795.1010"
en
Affected
AVEVA
Search vendor "AVEVA"
 Reports For Operations
Search vendor "AVEVA" for product "Reports For Operations"
 23.0.17795.1010
Search vendor "AVEVA" for product "Reports For Operations" and version "23.0.17795.1010"
en
Affected