Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
SICK Flexi Soft Designer 代码问题漏洞
Vulnerability Description
SICK Flexi Soft Designer是德国西克(SICK)公司的一款配置工具。 SICK Flexi Soft Designer 1.9.4 SP1及以下版本存在安全漏洞,该漏洞源于使用的.NET框架类存在反序列化漏洞且未进行正确检查,这使得攻击者可以制作恶意项目文件打开/导入这样一个恶意的项目文件,当Flexi Soft Designer打开或导入时,将以当前用户的权限执行任意代码。这损害了保密性、完整性和可用性。为了攻击成功,用户必须手动打开一个恶意的项目文件。
CVSS Information
N/A
Vulnerability Type
N/A