Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
Vulnerability Description
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
Kepware Kepserverex 安全漏洞
Vulnerability Description
Kepware Kepserverex是美国Kepware公司的一个可与多种工业设备进行通讯的应用软件。该软件支持150多个通讯协议,支持通过单个平台为企业提供可靠实时的数据。 Kepware KepServerEX 6.14.263.0 及之前版本存在安全漏洞,该漏洞源于KEPServerEX 的安装程序容易受到 DLL 搜索顺序劫持,这可能允许攻击者使用恶意 DLL 重新打包安装程序,并诱骗用户安装木马软件,导致以管理员权限执行代码。
CVSS Information
N/A
Vulnerability Type
N/A