Schneider Electric Software Update CVE-2018-7799 DLL Loading Local Code Execution Vulnerability

Bugtraq ID:	105951
Class:	Input Validation Error
CVE:	CVE-2018-7799
Remote:	No
Local:	Yes
Published:	Nov 01 2018 12:00AM
Updated:	Nov 01 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Schneider-Electric SESU 1.1 Schneider-Electric SESU 1.0
Not Vulnerable:	Schneider-Electric SESU 2.2

Schneider Electric Software Update CVE-2018-7799 DLL Loading Local Code Execution Vulnerability

Schneider Electric Software Update is prone to local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input.

A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition.

Versions prior to Schneider Electric Software Update (SESU) 2.2.0 are vulnerable.

Schneider Electric Software Update CVE-2018-7799 DLL Loading Local Code Execution Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Schneider Electric Software Update CVE-2018-7799 DLL Loading Local Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Schneider Electric Software Update CVE-2018-7799 DLL Loading Local Code Execution Vulnerability

References:

• Schneider Electric HomePage (Schneider Electric)
  
• ICSA-18-305-02: Schneider Electric Software Update (SESU) (Update A) (CERT)