Somove
Vulnerabilities
5
Known exploited
0
Max CVSS
9.3
Top EPSS
0.22124
Severity breakdown
Critical
1
High
3
Medium
1
Low
0
Affected version ranges
< 2.6.2≤ 1.7≤ 2.8.1
Also matched as (raw): atv61_dtm,unity_pro,atv71_dtm,atv320_dtm,atv_lift_dtm,somachine,somove,somove_lite,atv900_dtm,atv312_dtm,atv32_dtm,atv340_dtm
Top vulnerabilities
CVE-2013-0662Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
CVE-2020-7527Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.
CVE-2018-7239A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.
CVE-2014-9200Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.
BDU:2020-04011Уязвимость программного обеспечения для конфигурирования устройств и мониторинг показателей SoMove связана с ошибками использования стандартных разрешений. Эксплуатация уязвимости может позволить нарушителю нарушителю повысить свои привилегии