Siemens · Digsi 4 · CVE-2020-25245
Name of the Vulnerable Software and Affected Versions:
DIGSI 4 versions prior to V4.94 SP1 HF 1
Description:
A security issue has been found where several folders in the %PATH% are writable by normal users. Since these folders are included in the search for dlls, an attacker could potentially place malicious dlls there, which would be executed by SYSTEM.
Recommendations:
For versions prior to V4.94 SP1 HF 1, update to version V4.94 SP1 HF 1 or later to resolve the issue. As a temporary workaround, consider restricting write access to the folders included in the %PATH% to prevent malicious dll placement.