Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XINJE XD/E Series PLC Program Tool DLL Hijacking
Vulnerability Description
A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
XINJE XD/E Series PLC Program Tool 代码问题漏洞
Vulnerability Description
XINJE XD/E Series PLC Program Tool是中国信捷(XINJE)公司的一种编程软件。 XINJE XD/E Series PLC Program Tool 3.5.1版本及之前版本存在安全漏洞。本地攻击者利用该漏洞可加载恶意 DLL。
CVSS Information
N/A
Vulnerability Type
N/A