Vulnerabilities > Schneider Electric > Software Update Utility > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-02 | CVE-2018-7799 | Uncontrolled Search Path Element vulnerability in Schneider-Electric Software Update Utility 1.0/1.0.13/1.1 A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. | 9.3 |
2013-01-21 | CVE-2013-0655 | Improper Input Validation vulnerability in Schneider-Electric Software Update Utility 1.0/1.0.13/1.1 The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80. | 9.3 |