CVE-2019-6822 - A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause

CVE-2019-6822

Summary

A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.

References

Vulnerable Configurations

cpe:2.3:a:schneider-electric:zelio_soft_2:4.6:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:zelio_soft_2:4.6:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:zelio_soft_2:5.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:zelio_soft_2:5.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:zelio_soft_2:5.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:zelio_soft_2:5.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:zelio_soft_2:5.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:zelio_soft_2:5.2:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 14-10-2022 - 03:02)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	109100
misc	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-01 https://www.us-cert.gov/ics/advisories/icsa-19-190-03 https://www.zerodayinitiative.com/advisories/ZDI-19-658/

Last major update

14-10-2022 - 03:02

Published

15-07-2019 - 21:15

Last modified

14-10-2022 - 03:02