Software Update
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7799 | Hig | 0.51 | 7.8 | 0.03 | Nov 2, 2018 | A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. | ||
| CVE-2019-6834 | Hig | 0.48 | 7.3 | 0.01 | Apr 13, 2022 | A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected… | ||
| CVE-2020-7520 | Med | 0.31 | 4.7 | 0.01 | Jul 23, 2020 | A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires… | ||
| CVE-2021-22799 | Low | 0.25 | 3.8 | 0.00 | Jan 28, 2022 | A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0… |
- risk 0.51cvss 7.8epss 0.03
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.
- risk 0.48cvss 7.3epss 0.01
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected…
- risk 0.31cvss 4.7epss 0.01
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires…
- risk 0.25cvss 3.8epss 0.00
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0…