Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AVEVA Edge products Uncontrolled Search Path Element
Vulnerability Description
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
AVEVA Edge 安全漏洞
Vulnerability Description
AVEVA Edge是英国剑维软件(AVEVA)公司的一款高度可扩展、灵活的 HMI/SCADA 软件。 AVEVA Edge 2020 R2 SP2及之前版本存在安全漏洞,该漏洞源于存在不受控制的搜索路径元素,攻击者利用该漏洞可以加载不安全的DLL来实现任意代码执行和权限升级。
CVSS Information
N/A
Vulnerability Type
N/A