CWE-428
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
CVE-2019-8459 (GCVE-0-2019-8459)
Vulnerability from cvelistv5 – Published: 2019-06-20 16:50 – Updated: 2024-08-04 21:17
VLAI
Summary
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportcenter.checkpoint.com/supportcente… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Check Point | Check Point Endpoint Security Client for Windows, VPN blade |
Affected:
before E80.83
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk124972#Resolved%20Issues"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Endpoint Security Client for Windows, VPN blade",
"vendor": "Check Point",
"versions": [
{
"status": "affected",
"version": "before E80.83"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-20T16:50:58.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk124972#Resolved%20Issues"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2019-8459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Endpoint Security Client for Windows, VPN blade",
"version": {
"version_data": [
{
"version_value": "before E80.83"
}
]
}
}
]
},
"vendor_name": "Check Point"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk124972#Resolved%20Issues",
"refsource": "CONFIRM",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk124972#Resolved%20Issues"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2019-8459",
"datePublished": "2019-06-20T16:50:58.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10051 (GCVE-0-2020-10051)
Vulnerability from cvelistv5 – Published: 2020-09-09 18:09 – Updated: 2024-08-04 10:50
VLAI
Summary
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service.
Severity
No CVSS data available.
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens AG | SIMATIC RTLS Locating Manager |
Affected:
All versions < V2.10.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions \u003c V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428: Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-09T18:09:58.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-10051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.10.2"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions \u003c V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428: Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-10051",
"datePublished": "2020-09-09T18:09:58.000Z",
"dateReserved": "2020-03-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:50:57.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14521 (GCVE-0-2020-14521)
Vulnerability from cvelistv5 – Published: 2022-02-11 17:40 – Updated: 2025-04-16 18:01
VLAI
Title
Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element
Summary
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | government-resource |
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisory |
Impacted products
46 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric | C Controller Interface Module Utility |
Affected:
unspecified , ≤ Version 2.00
(custom)
|
|
| Mitsubishi Electric | CC-Link IE Control Network Data Collector |
Affected:
Version 1.00A
|
|
| Mitsubishi Electric | CC-Link IE Field Network Data Collector |
Affected:
Version 1.00A
|
|
| Mitsubishi Electric | CC-Link IE TSN Data Collector |
Affected:
Version 1.00A
|
|
| Mitsubishi Electric | CPU Module Logging Configuration Tool |
Affected:
unspecified , ≤ Version 1.100E
(custom)
|
|
| Mitsubishi Electric | CW Configurator |
Affected:
unspecified , ≤ Version 1.010L
(custom)
|
|
| Mitsubishi Electric | Data Transfer |
Affected:
unspecified , ≤ Version 3.42U
(custom)
|
|
| Mitsubishi Electric | EZSocket |
Affected:
unspecified , ≤ Version 5.1
(custom)
|
|
| Mitsubishi Electric | FR Configurator SW3 |
Affected:
All Versions
|
|
| Mitsubishi Electric | FR Configurator2 |
Affected:
unspecified , ≤ Version 1.26C
(custom)
|
|
| Mitsubishi Electric | GT Designer2 Classic |
Affected:
All Versions
|
|
| Mitsubishi Electric | GT Designer3 Version1 (GOT1000) |
Affected:
unspecified , ≤ Version 1.241B
(custom)
|
|
| Mitsubishi Electric | GT Designer3 Version1 (GOT2000) |
Affected:
unspecified , ≤ Version 1.241B
(custom)
|
|
| Mitsubishi Electric | GT SoftGOT1000 Version3 |
Affected:
unspecified , ≤ Version 3.200J
(custom)
|
|
| Mitsubishi Electric | GT SoftGOT2000 Version1 |
Affected:
unspecified , ≤ Version 1.241B
(custom)
|
|
| Mitsubishi Electric | GX Developer |
Affected:
unspecified , ≤ Version 8.504A
(custom)
|
|
| Mitsubishi Electric | GX LogViewer |
Affected:
unspecified , ≤ Version 1.100E
(custom)
|
|
| Mitsubishi Electric | GX Works2 |
Affected:
unspecified , ≤ Version 1.601B
(custom)
|
|
| Mitsubishi Electric | GX Works3 |
Affected:
unspecified , ≤ Version 1.063R
(custom)
|
|
| Mitsubishi Electric | M_CommDTM-IO-Link |
Affected:
unspecified , ≤ Version 1.03D
(custom)
|
|
| Mitsubishi Electric | MELFA-Works |
Affected:
unspecified , ≤ Version 4.4
(custom)
|
|
| Mitsubishi Electric | MELSEC WinCPU Setting Utility |
Affected:
All Versions
|
|
| Mitsubishi Electric | MELSOFT Complete Clean Up Tool |
Affected:
unspecified , ≤ Version 1.06G
(custom)
|
|
| Mitsubishi Electric | MELSOFT EM Software Development Kit |
Affected:
unspecified , ≤ Version 1.015R
(custom)
|
|
| Mitsubishi Electric | MELSOFT iQ AppPortal |
Affected:
unspecified , ≤ Version 1.17T
(custom)
|
|
| Mitsubishi Electric | MELSOFT Navigator |
Affected:
unspecified , ≤ Version 2.74C
(custom)
|
|
| Mitsubishi Electric | MI Configurator |
Affected:
unspecified , ≤ Version 1.004E
(custom)
|
|
| Mitsubishi Electric | Motion Control Setting |
Affected:
unspecified , ≤ Version 1.005F
(custom)
|
|
| Mitsubishi Electric | Motorizer |
Affected:
unspecified , ≤ Version 1.005F
(custom)
|
|
| Mitsubishi Electric | MR Configurator2 |
Affected:
unspecified , ≤ Version 1.125F
(custom)
|
|
| Mitsubishi Electric | MT Works2 |
Affected:
unspecified , ≤ Version 1.167Z
(custom)
|
|
| Mitsubishi Electric | MTConnect Data Collector |
Affected:
unspecified , ≤ Version 1.1.4.0
(custom)
|
|
| Mitsubishi Electric | MX Component |
Affected:
unspecified , ≤ Version 4.20W
(custom)
|
|
| Mitsubishi Electric | MX MESInterface |
Affected:
unspecified , ≤ Version 1.21X
(custom)
|
|
| Mitsubishi Electric | MX MESInterface-R |
Affected:
unspecified , ≤ Version 1.12N
(custom)
|
|
| Mitsubishi Electric | MX Sheet |
Affected:
unspecified , ≤ Version 2.15R
(custom)
|
|
| Mitsubishi Electric | Network Interface Board CC IE Control Utility |
Affected:
unspecified , ≤ Version 1.29F
(custom)
|
|
| Mitsubishi Electric | Network Interface Board CC IE Field Utility |
Affected:
unspecified , ≤ Versions 1.16S
(custom)
|
|
| Mitsubishi Electric | Network Interface Board CC-Link Ver.2 Utility |
Affected:
unspecified , ≤ Version 1.23Z
(custom)
|
|
| Mitsubishi Electric | Network Interface Board MNETH Utility |
Affected:
unspecified , ≤ Version 34L
(custom)
|
|
| Mitsubishi Electric | Position Board utility 2 |
Affected:
unspecified , ≤ Version 3.20
(custom)
|
|
| Mitsubishi Electric | PX Developer |
Affected:
unspecified , ≤ Version 1.53F
(custom)
|
|
| Mitsubishi Electric | RT ToolBox2 |
Affected:
unspecified , ≤ Version 3.73B
(custom)
|
|
| Mitsubishi Electric | RT ToolBox3 |
Affected:
unspecified , ≤ Version 1.82L
(custom)
|
|
| Mitsubishi Electric | Setting/Monitoring tools for the C Controller module |
Affected:
unspecified , ≤ SW3PVC-CCPU Version 3.13P
(custom)
Affected: unspecified , ≤ SW4PVC-CCPU Version 4.12N (custom) |
|
| Mitsubishi Electric | SLMP Data Collector |
Affected:
unspecified , ≤ Version 1.04E
(custom)
|
Date Public
2020-07-30 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-14521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:31:29.570752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T18:01:31.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "C Controller Interface Module Utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 2.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC-Link IE Control Network Data Collector",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 1.00A"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC-Link IE Field Network Data Collector",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 1.00A"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC-Link IE TSN Data Collector",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 1.00A"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CPU Module Logging Configuration Tool",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.100E",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CW Configurator",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.010L",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Data Transfer",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 3.42U",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EZSocket",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FR Configurator SW3",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FR Configurator2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.26C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GT Designer2 Classic",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GT Designer3 Version1 (GOT1000)",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.241B",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GT Designer3 Version1 (GOT2000)",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.241B",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GT SoftGOT1000 Version3",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 3.200J",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GT SoftGOT2000 Version1",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.241B",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Developer",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 8.504A",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX LogViewer",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.100E",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Works2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.601B",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Works3",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.063R",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M_CommDTM-IO-Link",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.03D",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELFA-Works",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC WinCPU Setting Utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSOFT Complete Clean Up Tool",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.06G",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSOFT EM Software Development Kit",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.015R",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSOFT iQ AppPortal",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.17T",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSOFT Navigator",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 2.74C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MI Configurator",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.004E",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Motion Control Setting",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.005F",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Motorizer",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.005F",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MR Configurator2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.125F",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MT Works2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.167Z",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MTConnect Data Collector",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.1.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX Component",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 4.20W",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX MESInterface",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.21X",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX MESInterface-R",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.12N",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX Sheet",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 2.15R",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network Interface Board CC IE Control Utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.29F",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network Interface Board CC IE Field Utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Versions 1.16S",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network Interface Board CC-Link Ver.2 Utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.23Z",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network Interface Board MNETH Utility",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 34L",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Position Board utility 2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 3.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PX Developer",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.53F",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT ToolBox2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 3.73B",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT ToolBox3",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.82L",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Setting/Monitoring tools for the C Controller module",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "SW3PVC-CCPU Version 3.13P",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "SW4PVC-CCPU Version 4.12N",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SLMP Data Collector",
"vendor": "Mitsubishi Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.04E",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mashav Sapir of Claroty reported this vulnerability to CISA"
}
],
"datePublic": "2020-07-30T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T21:29:25.280Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf"
}
],
"source": {
"advisory": "ICSA-20-212-04",
"discovery": "UNKNOWN"
},
"title": "Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-30T16:50:00.000Z",
"ID": "CVE-2020-14521",
"STATE": "PUBLIC",
"TITLE": "Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "C Controller Interface Module Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "C Controller Module Setting and Monitoring Tool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "CC-Link IE Control Network Data Collector",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Version 1.00A"
}
]
}
},
{
"product_name": "CC-Link IE Field Network Data Collector",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Version 1.00A"
}
]
}
},
{
"product_name": "CC-Link IE TSN Data Collector",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Version 1.00A"
}
]
}
},
{
"product_name": "CPU Module Logging Configuration Tool",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.100E"
}
]
}
},
{
"product_name": "CW Configurator",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.010L"
}
]
}
},
{
"product_name": "Data Transfer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 3.42U and prior"
}
]
}
},
{
"product_name": "EZSocket",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 5.1"
}
]
}
},
{
"product_name": "FR Configurator SW3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "FR Configurator2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "GT Designer2 Classic",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "GT Designer3 Version1 (GOT1000)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.241B"
}
]
}
},
{
"product_name": "GT Designer3 Version1 (GOT2000)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.241B"
}
]
}
},
{
"product_name": "GT SoftGOT1000 Version3",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 3.200J"
}
]
}
},
{
"product_name": "GT SoftGOT2000 Version1",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.241B"
}
]
}
},
{
"product_name": "GX Developer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 8.504A"
}
]
}
},
{
"product_name": "GX LogViewer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.100E"
}
]
}
},
{
"product_name": "GX Works2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.601B"
}
]
}
},
{
"product_name": "GX Works3",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.063R"
}
]
}
},
{
"product_name": "M_CommDTM-IO-Link",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "MELFA-Works",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 4.4"
}
]
}
},
{
"product_name": "MELSEC WinCPU Setting Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "MELSOFT Complete Clean Up Tool",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.06G"
}
]
}
},
{
"product_name": "MELSOFT EM Software Development Kit",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "MELSOFT iQ AppPortal",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.17T"
}
]
}
},
{
"product_name": "MELSOFT Navigator",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 2.74C"
}
]
}
},
{
"product_name": "MI Configurator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "Motion Control Setting",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.005F"
}
]
}
},
{
"product_name": "Motorizer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.005F"
}
]
}
},
{
"product_name": "MR Configurator2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.125F"
}
]
}
},
{
"product_name": "MT Works2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.167Z"
}
]
}
},
{
"product_name": "MTConnect Data Collector",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.1.4.0"
}
]
}
},
{
"product_name": "MX Component",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 4.20W"
}
]
}
},
{
"product_name": "MX MESInterface",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.21X"
}
]
}
},
{
"product_name": "MX MESInterface-R",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.12N"
}
]
}
},
{
"product_name": "MX Sheet",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 2.15R"
}
]
}
},
{
"product_name": "Network Interface Board CC IE Control Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "Network Interface Board CC IE Field Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "Network Interface Board CC-Link Ver.2 Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "Network Interface Board MNETH Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "Position Board utility 2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "PX Developer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "version 1.53F"
}
]
}
},
{
"product_name": "RT ToolBox2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 3.73B"
}
]
}
},
{
"product_name": "RT ToolBox3",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.82L"
}
]
}
},
{
"product_name": "Setting/monitoring tools for the C Controller module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "SLMP Data Collector",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "Version 1.04E"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mashav Sapir of Claroty reported this vulnerability to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-007_en.pdf"
}
]
},
"solution": [
{
"lang": "en"
}
],
"source": {
"advisory": "ICSA-20-212-04",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14521",
"datePublished": "2022-02-11T17:40:28.403Z",
"dateReserved": "2020-06-19T00:00:00.000Z",
"dateUpdated": "2025-04-16T18:01:31.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15261 (GCVE-0-2020-15261)
Vulnerability from cvelistv5 – Published: 2020-10-19 21:30 – Updated: 2024-08-04 13:15
VLAI
Title
Unquoted service path vulnerability on Veyon
Summary
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
Severity
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/veyon/veyon/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/veyon/veyon/issues/657 | x_refsource_MISC |
| https://github.com/veyon/veyon/commit/f231ec511b9… | x_refsource_MISC |
| http://packetstormsecurity.com/files/162873/Veyon… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/49925 | x_refsource_MISC |
| https://www.exploit-db.com/exploits/48246 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/veyon/veyon/issues/657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/49925"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "veyon",
"vendor": "veyon",
"versions": [
{
"status": "affected",
"version": "\u003c 0.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don\u0027t have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T11:03:40.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/veyon/veyon/issues/657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/49925"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/48246"
}
],
"source": {
"advisory": "GHSA-c8cc-x786-hqqp",
"discovery": "UNKNOWN"
},
"title": "Unquoted service path vulnerability on Veyon",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15261",
"STATE": "PUBLIC",
"TITLE": "Unquoted service path vulnerability on Veyon"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "veyon",
"version": {
"version_data": [
{
"version_value": "\u003c 0.11.5"
}
]
}
}
]
},
"vendor_name": "veyon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don\u0027t have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp",
"refsource": "CONFIRM",
"url": "https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp"
},
{
"name": "https://github.com/veyon/veyon/issues/657",
"refsource": "MISC",
"url": "https://github.com/veyon/veyon/issues/657"
},
{
"name": "https://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1",
"refsource": "MISC",
"url": "https://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1"
},
{
"name": "http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html"
},
{
"name": "https://www.exploit-db.com/exploits/49925",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/49925"
},
{
"name": "https://www.exploit-db.com/exploits/48246",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/48246"
}
]
},
"source": {
"advisory": "GHSA-c8cc-x786-hqqp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15261",
"datePublished": "2020-10-19T21:30:18.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:15:19.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1988 (GCVE-0-2020-1988)
Vulnerability from cvelistv5 – Published: 2020-04-08 18:41 – Updated: 2024-09-16 18:03
VLAI
Title
Global Protect Agent: Local privilege escalation due to an unquoted search path vulnerability
Summary
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;
Severity
4.2 (Medium)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2020-1988 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Global Protect Agent |
Affected:
5.0 , < 5.0.5
(custom)
Affected: 4.1 , < 4.1.13 (custom) |
Date Public
2020-04-08 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Global Protect Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.0.5",
"status": "unaffected"
}
],
"lessThan": "5.0.5",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "4.1.13",
"status": "unaffected"
}
],
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue only affects Windows systems where local users are configured with file creation privileges to the root of the OS disk (C:\\) or \u0027Program Files\u0027 directory."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Ratnesh Pandey of Bromium and Matthew Batten for discovering and reporting this issue."
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T18:41:58.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1988"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Global Protect Agent 5.0.5, Global Protect Agent 4.1.13 and all later versions."
}
],
"source": {
"defect": [
"GPC-9320"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-04-08T00:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Global Protect Agent: Local privilege escalation due to an unquoted search path vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Do not grant file creation privileges on the root of the OS disk (C:\\) or \u0027Program Files\u0027 directory to unprivileged users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1988",
"STATE": "PUBLIC",
"TITLE": "Global Protect Agent: Local privilege escalation due to an unquoted search path vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Global Protect Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.5"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "4.1",
"version_value": "4.1.13"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.5"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "4.1",
"version_value": "4.1.13"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue only affects Windows systems where local users are configured with file creation privileges to the root of the OS disk (C:\\) or \u0027Program Files\u0027 directory."
}
],
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Ratnesh Pandey of Bromium and Matthew Batten for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-1988",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1988"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Global Protect Agent 5.0.5, Global Protect Agent 4.1.13 and all later versions."
}
],
"source": {
"defect": [
"GPC-9320"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-04-08T00:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "Do not grant file creation privileges on the root of the OS disk (C:\\) or \u0027Program Files\u0027 directory to unprivileged users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-1988",
"datePublished": "2020-04-08T18:41:58.415Z",
"dateReserved": "2019-12-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:03:55.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24682 (GCVE-0-2020-24682)
Vulnerability from cvelistv5 – Published: 2024-02-02 07:11 – Updated: 2025-06-17 21:29
VLAI
Title
Automation Studio and PVI Multiple unquoted service path vulnerabilities
Summary
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| B&R Industrial Automation | Automation Studio |
Affected:
4.0 , ≤ 4.6
(custom)
Affected: 4.7.0 , < 4.7.7 SP (custom) Affected: 4.8.0 , < 4.8.6 SP (custom) Affected: 4.9.0 , < 4.9.4 SP (custom) |
|
| B&R Industrial Automation | NET/PVI |
Affected:
4.0 , ≤ 4.6
(custom)
Affected: 4.7.0 , < 4.7.7 (custom) Affected: 4.8.0 , < 4.8.6 (custom) Affected: 4.9.0 , < 4.9.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-24682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-02T14:19:51.368303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:22.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Automation Studio",
"vendor": "B\u0026R Industrial Automation",
"versions": [
{
"lessThanOrEqual": "4.6",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "4.7.7 SP",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.8.6 SP",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.9.4 SP",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NET/PVI",
"vendor": "B\u0026R Industrial Automation",
"versions": [
{
"lessThanOrEqual": "4.6",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "4.7.7",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.8.6",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.9.4",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "B\u0026R would like to thank the following for working with us to help protect our customers: Mr. Andrew Hofmans"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted Search Path or Element vulnerability in B\u0026amp;R Industrial Automation Automation Studio, B\u0026amp;R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.\u003cp\u003eThis issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.\u003c/p\u003e"
}
],
"value": "Unquoted Search Path or Element vulnerability in B\u0026R Industrial Automation Automation Studio, B\u0026R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-69",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-69 Target Programs with Elevated Privileges"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T11:30:17.773Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Automation Studio and PVI Multiple unquoted service path vulnerabilities",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nB\u0026amp;R has identified the following specific workarounds and mitigations.\nUsers of B\u0026amp;R Automation Studio and PVI may manually reconfigure the service paths and enclose them \nin quotes.\nAdditionally, it is recommended to limit access to the workstation running B\u0026amp;R Automation Studio and PVI \nto authorized users\n\n\n\n\u003cbr\u003e"
}
],
"value": "\n\n\nB\u0026R has identified the following specific workarounds and mitigations.\nUsers of B\u0026R Automation Studio and PVI may manually reconfigure the service paths and enclose them \nin quotes.\nAdditionally, it is recommended to limit access to the workstation running B\u0026R Automation Studio and PVI \nto authorized users\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-24682",
"datePublished": "2024-02-02T07:11:44.086Z",
"dateReserved": "2020-08-26T00:00:00.000Z",
"dateUpdated": "2025-06-17T21:29:22.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28209 (GCVE-0-2020-28209)
Vulnerability from cvelistv5 – Published: 2020-11-19 21:15 – Updated: 2026-05-28 20:01
VLAI
Summary
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Windows Unquoted Search Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 |
Affected:
EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-04/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-28209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T20:01:06.089831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T20:01:54.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Windows Unquoted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T21:15:07.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-28209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Windows Unquoted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-28209",
"datePublished": "2020-11-19T21:15:07.000Z",
"dateReserved": "2020-11-05T00:00:00.000Z",
"dateUpdated": "2026-05-28T20:01:54.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-35152 (GCVE-0-2020-35152)
Vulnerability from cvelistv5 – Published: 2021-02-02 23:35 – Updated: 2024-09-16 22:25
VLAI
Title
Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows
Summary
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
Severity
4.5 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/cloudflare/advisories/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cloudflare | Cloudflare WARP for Windows |
Affected:
unspecified , < 1.2.2695.1
(custom)
|
Date Public
2020-12-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloudflare WARP for Windows",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "1.2.2695.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Tan"
}
],
"datePublic": "2020-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service\u0027s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T23:35:31.000Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2020-12-11T20:09:00.000Z",
"ID": "CVE-2020-35152",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloudflare WARP for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2695.1"
}
]
}
}
]
},
"vendor_name": "Cloudflare"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "James Tan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service\u0027s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2020-35152",
"datePublished": "2021-02-02T23:35:31.270Z",
"dateReserved": "2020-12-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:25:07.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36879 (GCVE-0-2020-36879)
Vulnerability from cvelistv5 – Published: 2025-12-05 17:18 – Updated: 2025-12-05 20:08
VLAI
Title
Flexsense DiskBoss Service Unquoted Service Path Vulnerability
Summary
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49022 | exploit |
| https://www.diskboss.com/ | product |
| https://www.diskboss.com/downloads.html | product |
| https://www.vulncheck.com/advisories/flexsense-di… | third-party-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Flexsense | DiskBoss |
Affected:
11.7.28
|
|
| Flexsense | DiskBoss Pro |
Affected:
11.7.28
|
|
| Flexsense | DiskBoss Ultimate |
Affected:
11.7.28
|
|
| Flexsense | DiskBoss Server |
Affected:
11.7.28
|
|
| Flexsense | DiskBoss Enterprise |
Affected:
11.7.28
|
Date Public
2020-08-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T20:08:41.218665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T20:08:49.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DiskBoss",
"vendor": "Flexsense",
"versions": [
{
"status": "affected",
"version": "11.7.28"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DiskBoss Pro",
"vendor": "Flexsense",
"versions": [
{
"status": "affected",
"version": "11.7.28"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DiskBoss Ultimate",
"vendor": "Flexsense",
"versions": [
{
"status": "affected",
"version": "11.7.28"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DiskBoss Pro",
"vendor": "Flexsense",
"versions": [
{
"status": "affected",
"version": "11.7.28"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DiskBoss Ultimate",
"vendor": "Flexsense",
"versions": [
{
"status": "affected",
"version": "11.7.28"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DiskBoss Server",
"vendor": "Flexsense",
"versions": [
{
"status": "affected",
"version": "11.7.28"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DiskBoss Enterprise",
"vendor": "Flexsense",
"versions": [
{
"status": "affected",
"version": "11.7.28"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexsense:diskboss:11.7.28:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexense:diskboss:11.7.28:*:*:*:enterprise:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohammed Alshehri, m507"
}
],
"datePublic": "2020-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFlexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the \u0027sc qc\u0027 command, allowing them to execute arbitrary system commands.\u003c/p\u003e"
}
],
"value": "Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the \u0027sc qc\u0027 command, allowing them to execute arbitrary system commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T17:18:09.743Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Exploit Database Entry 49022",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49022"
},
{
"name": "DiskBoss Homepage",
"tags": [
"product"
],
"url": "https://www.diskboss.com/"
},
{
"name": "DiskBoss Software Link",
"tags": [
"product"
],
"url": "https://www.diskboss.com/downloads.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/flexsense-diskboss-service-unquoted-service-path-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Flexsense DiskBoss Service Unquoted Service Path Vulnerability",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36879",
"datePublished": "2025-12-05T17:18:09.743Z",
"dateReserved": "2025-12-05T13:50:17.242Z",
"dateUpdated": "2025-12-05T20:08:49.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36903 (GCVE-0-2020-36903)
Vulnerability from cvelistv5 – Published: 2025-12-31 18:39 – Updated: 2026-01-02 20:17
VLAI
Title
Selea CarPlateServer 4.0.1.6 Local Privilege Escalation via Unquoted Service Path
Summary
Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49453 | exploit |
| https://www.selea.com | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://www.vulncheck.com/advisories/selea-carpla… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Selea | Selea CarPlateServer (CPS) |
Affected:
4.0.1.6
|
Date Public
2020-11-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36903",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T20:16:59.731068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T20:17:18.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Selea CarPlateServer (CPS)",
"vendor": "Selea",
"versions": [
{
"status": "affected",
"version": "4.0.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service\u0027s unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T18:39:08.084Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49453",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49453"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.selea.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2021-5621)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5621.php"
},
{
"name": "VulnCheck Advisory: Selea CarPlateServer 4.0.1.6 Local Privilege Escalation via Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/selea-carplateserver-local-privilege-escalation-via-unquoted-service-path"
}
],
"title": "Selea CarPlateServer 4.0.1.6 Local Privilege Escalation via Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36903",
"datePublished": "2025-12-31T18:39:08.084Z",
"dateReserved": "2025-12-23T13:21:10.768Z",
"dateUpdated": "2026-01-02T20:17:18.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Implementation
Description:
- Properly quote the full search path before executing a program on the system.
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation ID: MIT-20
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.