PT-2019-12111 · Rockwell Automation · Network Configurator For Devicenet Safety

N0B0Dy

Published

2019-06-12

Updated

2019-10-09

CVE-2019-10971

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Network Configurator for DeviceNet Safety versions 3.41 and prior

Description The application searches for resources by means of an untrusted search path, which could lead to the execution of a malicious .dll file not under the application's direct control and outside the intended directories.

Recommendations For versions 3.41 and prior, consider restricting access to external directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using untrusted search paths in the application.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2019-10971

Affected Products

Network Configurator For Devicenet Safety

PT-2019-12111 · Rockwell Automation · Network Configurator For Devicenet Safety

CVE-2019-10971

Weakness Enumeration

Related Identifiers

Affected Products

References · 3