工控系统行业漏洞库平台
    ICS Vulnerability Database
漏洞参数

漏洞类型: 代码问题

危险级别: 高危

CVE编号: CVE-2018-13806

CNVD编号: CNVD-2020-02200

CNNVD编号: CNNVD-201809-574

发布时间: 2020-01-14

CVSS雷达图
CVSS评分: 9.3
受影响的平台和产品

td_keypad_designer *

漏洞描述

A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known.

安全建议&解决方案
  1. 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf
  • 联系我们
  • 如果您对我们感兴趣,请联系我们。
  • 北京威努特技术有限公司
    北京市海淀区上地三街9号嘉华大厦F座901室
    电话: 4000-680-620

    Copyright © 2017 Winicssec All Rights Reserved
    版权所有 京ICP备 14062383号-1