CVE-2018-7813

Name of the Vulnerable Software and Affected Versions Eurotherm by Schneider Electric GUIcon version V2.0 (Gold Build 683.0)

Description A Type Confusion issue exists in the pcwin.dll library of the GUIcon software, which could allow remote code execution when parsing a GD1 file. This is related to a data type mismatch error. The exploitation of this issue may enable a remote attacker to execute arbitrary code during the parsing of a GD1 file.

Recommendations For Eurotherm by Schneider Electric GUIcon version V2.0 (Gold Build 683.0), consider restricting access to the pcwin.dll library or avoiding the parsing of GD1 files until a patch is available. As a temporary workaround, disabling the functionality related to GD1 file parsing may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.