{"api_version":"1","generated_at":"2026-07-09T18:44:37+00:00","cve":"CVE-2018-14812","urls":{"html":"https://cve.report/CVE-2018-14812","api":"https://cve.report/api/cve/CVE-2018-14812.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-14812","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-14812"},"summary":{"title":"CVE-2018-14812","description":"An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-10-24 21:29:00","updated_at":"2019-10-09 23:35:00"},"problem_types":["CWE-427"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/105543","name":"105543","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Fuji Electric Energy Savings Estimator CVE-2018-14812 DLL Loading Local Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-282-07","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-282-07","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Fuji Electric Energy Savings Estimator | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-14812","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14812","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"14812","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fujielectric","cpe5":"energy_savings_estimator","cpe6":"1.0.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"14812","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fujielectric","cpe5":"energy_savings_estimator","cpe6":"1.0.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-14812","qid":"590859","title":"Fuji Electric Energy Savings Estimator Vulnerability (ICSA-18-282-07)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-10-09T00:00:00","ID":"CVE-2018-14812","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Energy Savings Estimator","version":{"version_data":[{"version_value":"Versions V.1.0.2.0 and prior"}]}}]},"vendor_name":"Fuji Electric"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"UNCONTROLLED SEARCH PATH ELEMENT CWE-427"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-282-07","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-282-07"},{"name":"105543","refsource":"BID","url":"http://www.securityfocus.com/bid/105543"}]}},"nvd":{"publishedDate":"2018-10-24 21:29:00","lastModifiedDate":"2019-10-09 23:35:00","problem_types":["CWE-427"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fujielectric:energy_savings_estimator:1.0.2.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"14812","Ordinal":"131545","Title":"CVE-2018-14812","CVE":"CVE-2018-14812","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"14812","Ordinal":"1","NoteData":"An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"14812","Ordinal":"2","NoteData":"2018-10-24","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"14812","Ordinal":"3","NoteData":"2018-10-25","Type":"Other","Title":"Modified"}]}}}