CVE-2018-14812 — HIGH (7.8)

Vulnerability Description

An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fujielectric	Energy Savings Estimator	1.0.2.0

Related Weaknesses (CWE)

CWE-427

References

http://www.securityfocus.com/bid/105543Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-07Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/105543Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-07Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-14812?

CVE-2018-14812 is a vulnerability with a CVSS score of 7.8 (HIGH). An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could g...

How severe is CVE-2018-14812?

CVE-2018-14812 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-14812?

Check the references section above for vendor advisories and patch information. Affected products include: Fujielectric Energy Savings Estimator.