Vulnerability Details CVE-2019-6822
A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/109100
- https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-01
- https://www.us-cert.gov/ics/advisories/icsa-19-190-03
- https://www.zerodayinitiative.com/advisories/ZDI-19-658/
- http://www.securityfocus.com/bid/109100
- https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-01
- https://www.us-cert.gov/ics/advisories/icsa-19-190-03
- https://www.zerodayinitiative.com/advisories/ZDI-19-658/
Products affected by CVE-2019-6822
-
cpe:2.3:a:schneider-electric:zelio_soft_2:-
-
cpe:2.3:a:schneider-electric:zelio_soft_2:4.6
-
cpe:2.3:a:schneider-electric:zelio_soft_2:5.0
-
cpe:2.3:a:schneider-electric:zelio_soft_2:5.1
-
cpe:2.3:a:schneider-electric:zelio_soft_2:5.2