CWE-428
AllowedUnquoted Search Path or Element
Abstraction: Base · Status: Draft
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
761 vulnerabilities reference this CWE, most recent first.
CVE-2024-8996 (GCVE-0-2024-8996)
Vulnerability from cvelistv5 – Published: 2024-09-25 16:45 – Updated: 2024-09-26 16:23- CWE-428 - Unquoted Search Path or Element
| Vendor | Product | Version | |
|---|---|---|---|
| Grafana | Agent Flow |
Affected:
0 , < 0.43.2
(semver)
|
|
| grafana | agent_flow_windows |
Affected:
0 , < 0.43.2
(semver)
cpe:2.3:a:grafana:agent_flow_windows:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:grafana:agent_flow_windows:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "agent_flow_windows",
"vendor": "grafana",
"versions": [
{
"lessThan": "0.43.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:38:51.304585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:39:36.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Agent Flow",
"vendor": "Grafana",
"versions": [
{
"lessThan": "0.43.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-09-25T13:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM\u003cbr\u003e\u003cp\u003eThis issue affects Agent Flow: before 0.43.2\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM\nThis issue affects Agent Flow: before 0.43.2"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T16:23:09.485Z",
"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"shortName": "GRAFANA"
},
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2024-8996/"
},
{
"url": "https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/"
},
{
"url": "https://github.com/grafana/agent/releases/tag/v0.43.3"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uninstall Agent Flow, and then perform a clean install with version either 0.43.3 or a higher version\u003cbr\u003e"
}
],
"value": "Uninstall Agent Flow, and then perform a clean install with version either 0.43.3 or a higher version"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Grafana Agent Flow on Windows Unquoted service path",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Edit the registry to manually\u003cspan style=\"background-color: transparent;\"\u003e\u003cspan style=\"background-color: transparent;\"\u003e add the double quotes manually to `Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Grafana Agent Flow`\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Edit the registry to manually add the double quotes manually to `Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Grafana Agent Flow`"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"assignerShortName": "GRAFANA",
"cveId": "CVE-2024-8996",
"datePublished": "2024-09-25T16:45:15.417Z",
"dateReserved": "2024-09-19T09:56:52.437Z",
"dateUpdated": "2024-09-26T16:23:09.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8975 (GCVE-0-2024-8975)
Vulnerability from cvelistv5 – Published: 2024-09-25 16:42 – Updated: 2024-09-26 16:22- CWE-428 - Unquoted Search Path or Element
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:grafana:alloy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "alloy",
"vendor": "grafana",
"versions": [
{
"lessThan": "1.3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.4.0-rc.1",
"status": "affected",
"version": "1.4.0-rc.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:41:05.326706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:43:08.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Alloy",
"vendor": "Grafana",
"versions": [
{
"lessThan": "1.3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.4.0-rc.1",
"status": "affected",
"version": "1.4.0-rc.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-09-25T13:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM\u003cbr\u003e\u003cp\u003eThis issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM\nThis issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T16:22:26.037Z",
"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"shortName": "GRAFANA"
},
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2024-8975/"
},
{
"url": "https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/"
},
{
"url": "https://github.com/grafana/alloy/releases/tag/v1.4.1"
},
{
"url": "https://github.com/grafana/alloy/releases/tag/v1.3.4"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uninstall Alloy, and then perform a clean install with version either 1.3.4 or 1.4.1 or a higher version\u003cbr\u003e"
}
],
"value": "Uninstall Alloy, and then perform a clean install with version either 1.3.4 or 1.4.1 or a higher version"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Grafana Alloy on Windows Unquoted service path",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Edit the registry to manually \u003cspan style=\"background-color: transparent;\"\u003eadd the double quotes manually to `Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Alloy\\ImagePath`\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Edit the registry to manually add the double quotes manually to `Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Alloy\\ImagePath`"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"assignerShortName": "GRAFANA",
"cveId": "CVE-2024-8975",
"datePublished": "2024-09-25T16:42:09.998Z",
"dateReserved": "2024-09-18T14:51:37.565Z",
"dateUpdated": "2024-09-26T16:22:26.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6080 (GCVE-0-2024-6080)
Vulnerability from cvelistv5 – Published: 2024-06-17 23:00 – Updated: 2024-11-04 19:13| URL | Tags |
|---|---|
| https://vuldb.com/?id.268822 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.268822 | signaturepermissions-required |
| https://vuldb.com/?submit.353502 | third-party-advisory |
| https://backend.intelbras.com/sites/default/files… | related |
| https://download.cronos.intelbras.com.br/download… | patch |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intelbras:incontrol:2.21.56:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "incontrol",
"vendor": "intelbras",
"versions": [
{
"status": "affected",
"version": "2.21.56"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6080",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T17:14:02.847171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T15:53:52.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-268822 | Intelbras InControl unquoted search path",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.268822"
},
{
"name": "VDB-268822 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.268822"
},
{
"name": "Submit #353502 | Intelbras InControl 2.21.56 Unquoted Service Path via \"incontrolWebcam\" Service",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.353502"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"incontrolWebcam Service"
],
"product": "InControl",
"vendor": "Intelbras",
"versions": [
{
"status": "affected",
"version": "2.21.56"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stux (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks."
},
{
"lang": "de",
"value": "In Intelbras InControl 2.21.56 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Komponente incontrolWebcam Service. Durch Manipulation mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.21.58 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T19:13:12.474Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-268822 | Intelbras InControl incontrolWebcam Service unquoted search path",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.268822"
},
{
"name": "VDB-268822 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.268822"
},
{
"name": "Submit #353502 | Intelbras InControl 2.21.56 Unquoted Service Path via \"incontrolWebcam\" Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.353502"
},
{
"tags": [
"related"
],
"url": "https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf"
},
{
"tags": [
"patch"
],
"url": "https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-04T20:17:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "Intelbras InControl incontrolWebcam Service unquoted search path"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6080",
"datePublished": "2024-06-17T23:00:05.125Z",
"dateReserved": "2024-06-17T16:52:16.498Z",
"dateUpdated": "2024-11-04T19:13:12.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5963 (GCVE-0-2024-5963)
Vulnerability from cvelistv5 – Published: 2024-08-06 02:19 – Updated: 2024-08-08 15:31- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Device Manager |
Affected:
0 , < 8.8.7-00
(custom)
|
|
| hitachi | device_manager |
Affected:
0 , < 8.8.7-00
(custom)
cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "device_manager",
"vendor": "hitachi",
"versions": [
{
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:13:22.689547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:31:12.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Device Manager Server"
],
"platforms": [
"Windows"
],
"product": "Hitachi Device Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "8.8.7-00",
"status": "unaffected"
}
],
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).\u003cp\u003eThis issue affects Hitachi Device Manager: before 8.8.7-00.\u003c/p\u003e"
}
],
"value": "Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00."
}
],
"impacts": [
{
"capecId": "CAPEC-551",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-551 Modify Existing Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T02:19:41.244Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-135/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-135",
"discovery": "UNKNOWN"
},
"title": "An unquoted executable path exists in Hitachi Device Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-5963",
"datePublished": "2024-08-06T02:19:41.244Z",
"dateReserved": "2024-06-13T11:23:28.925Z",
"dateUpdated": "2024-08-08T15:31:12.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5402 (GCVE-0-2024-5402)
Vulnerability from cvelistv5 – Published: 2024-07-15 11:57 – Updated: 2024-08-01 21:11- CWE-428 - Unquoted Search Path or Element
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | Mint Workbench I |
Affected:
5866 , < 5868
(custom)
|
|
| abb | mint_workbench |
Affected:
5866 , < 5868
(custom)
cpe:2.3:a:abb:mint_workbench:5866:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abb:mint_workbench:5866:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mint_workbench",
"vendor": "abb",
"versions": [
{
"lessThan": "5868",
"status": "affected",
"version": "5866",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:08:32.219434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:10:14.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912\u0026LanguageCode=en\u0026DocumentPartId=1\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Mint Workbench I",
"vendor": "ABB",
"versions": [
{
"lessThan": "5868",
"status": "affected",
"version": "5866",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ABB thanks Yoav Yehudai of Novartis for working with ABB in effort to protect our customers."
}
],
"datePublic": "2024-07-15T04:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.\u003cbr\u003e\u003cbr\u003e\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\n\u003cp\u003eThis issue affects Mint Workbench I versions: from 5866 before 5868.\u003c/p\u003e"
}
],
"value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.\n\n\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\nThis issue affects Mint Workbench I versions: from 5866 before 5868."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T11:57:44.261Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912\u0026LanguageCode=en\u0026DocumentPartId=1\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mint Workbench I Unquoted Service Path Enumeration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-5402",
"datePublished": "2024-07-15T11:57:44.261Z",
"dateReserved": "2024-05-27T06:28:25.877Z",
"dateUpdated": "2024-08-01T21:11:12.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4461 (GCVE-0-2024-4461)
Vulnerability from cvelistv5 – Published: 2024-05-03 10:52 – Updated: 2024-08-01 20:40- CWE-428 - Unquoted Search Path or Element
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sugarsync:sugarsync:4.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sugarsync",
"vendor": "sugarsync",
"versions": [
{
"lessThan": "4.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T19:14:42.688465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:49:54.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unquoted-path-or-search-item-vulnerability-sugarsync"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SugarSync",
"vendor": "SugarSync",
"versions": [
{
"lessThan": "4.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jorge Manuel Lozano G\u00f3mez"
}
],
"datePublic": "2024-05-03T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted service path, resulting in privilege escalation."
}
],
"value": "Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted service path, resulting in privilege escalation."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T10:52:25.899Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unquoted-path-or-search-item-vulnerability-sugarsync"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unquoted path or search item vulnerability in SugarSync",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-4461",
"datePublished": "2024-05-03T10:52:25.899Z",
"dateReserved": "2024-05-03T07:06:22.294Z",
"dateUpdated": "2024-08-01T20:40:47.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4031 (GCVE-0-2024-4031)
Vulnerability from cvelistv5 – Published: 2024-04-23 06:29 – Updated: 2024-08-01 20:26- CWE-428 - Unquoted Search Path or Element
| Vendor | Product | Version | |
|---|---|---|---|
| Logitech | MEVO WEBCAM APP |
Affected:
0 , < 0.8.0
(custom)
|
|
| logitech | mevo_webcam_app |
Affected:
-
cpe:2.3:a:logitech:mevo_webcam_app:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:logitech:mevo_webcam_app:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mevo_webcam_app",
"vendor": "logitech",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T13:56:22.229567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:35.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/428.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "MEVO WEBCAM APP",
"vendor": "Logitech",
"versions": [
{
"lessThan": "0.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arun George Jose, Alaa Kachouh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code."
}
],
"value": "Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-23T08:37:56.500Z",
"orgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"shortName": "Logitech"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/428.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MEVO WEBCAM APP Windows Unquoted Service Path Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
"assignerShortName": "Logitech",
"cveId": "CVE-2024-4031",
"datePublished": "2024-04-23T06:29:58.858Z",
"dateReserved": "2024-04-22T15:40:56.836Z",
"dateUpdated": "2024-08-01T20:26:57.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3640 (GCVE-0-2024-3640)
Vulnerability from cvelistv5 – Published: 2024-05-16 15:25 – Updated: 2024-08-01 20:20- CWE-428 - Unquoted Search Path or Element
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | FactoryTalk® Remote Access™ |
Affected:
v13.5.0.174
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T17:57:33.825467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:28.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:00.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk\u00ae Remote Access\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "v13.5.0.174"
}
]
}
],
"datePublic": "2024-05-16T15:14:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unquoted executable path exists in the Rockwell Automation\u0026nbsp;FactoryTalk\u00ae Remote Access\u2122 possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability. \u003c/span\u003e\n\n"
}
],
"value": "An unquoted executable path exists in the Rockwell Automation\u00a0FactoryTalk\u00ae Remote Access\u2122 possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T15:25:28.558Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eCorrected in v13.6.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Corrected in v13.6."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices below, where possible. \u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Users using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices below, where possible. \n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Rockwell Automation FactoryTalk\u00ae Remote Access\u2122 has Unquoted Executables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-3640",
"datePublished": "2024-05-16T15:25:28.558Z",
"dateReserved": "2024-04-10T20:45:50.623Z",
"dateUpdated": "2024-08-01T20:20:00.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2747 (GCVE-0-2024-2747)
Vulnerability from cvelistv5 – Published: 2024-06-12 17:12 – Updated: 2024-08-19 17:40- CWE-428 - Unquoted Search Path or Element
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Easergy Studio |
Affected:
v9.3.3 and prior
|
|
| schneider-electric | easergy_studio |
Affected:
0 , ≤ 9.3.3
(custom)
cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-100-01.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "easergy_studio",
"vendor": "schneider-electric",
"versions": [
{
"lessThanOrEqual": "9.3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T17:39:11.706286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T17:40:23.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Easergy Studio",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "v9.3.3 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could\ncause privilege escalation when a valid user replaces a trusted file name on the system and\nreboots the machine.\n\n"
}
],
"value": "CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could\ncause privilege escalation when a valid user replaces a trusted file name on the system and\nreboots the machine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T17:12:20.482Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-100-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2024-2747",
"datePublished": "2024-06-12T17:12:20.482Z",
"dateReserved": "2024-03-20T16:57:16.005Z",
"dateUpdated": "2024-08-19T17:40:23.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1618 (GCVE-0-2024-1618)
Vulnerability from cvelistv5 – Published: 2024-03-12 15:04 – Updated: 2024-08-01 19:33- CWE-428 - Unquoted Search Path or Element
| Vendor | Product | Version | |
|---|---|---|---|
| Faronics | Deep Freeze Server Standard |
Affected:
0 , ≤ 8.30.020.4627
(custom)
|
|
| faronics | deep_freeze |
Affected:
0 , ≤ 8.30.020.4627
(custom)
cpe:2.3:a:faronics:deep_freeze:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unquoted-item-or-search-path-vulnerability-faronics-deep-freeze-server"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:faronics:deep_freeze:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "deep_freeze",
"vendor": "faronics",
"versions": [
{
"lessThanOrEqual": "8.30.020.4627",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T19:31:53.480256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T19:33:49.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Deep Freeze Server Standard",
"vendor": "Faronics",
"versions": [
{
"lessThanOrEqual": "8.30.020.4627",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"datePublic": "2024-02-19T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file.\u0026nbsp;An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory.\u0026nbsp;Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running."
}
],
"value": "A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file.\u00a0An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory.\u00a0Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T15:04:05.067Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unquoted-item-or-search-path-vulnerability-faronics-deep-freeze-server"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been resolved by the Faronics team in version 8.31."
}
],
"value": "The vulnerability has been resolved by the Faronics team in version 8.31."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unquoted item or search path vulnerability in Faronics Deep Freeze Server Standard",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-1618",
"datePublished": "2024-03-12T15:04:05.067Z",
"dateReserved": "2024-02-19T08:12:53.181Z",
"dateUpdated": "2024-08-01T19:33:49.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Properly quote the full search path before executing a program on the system.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.