CVE-2024-6618

Aug. 13, 2024, 5:15 p.m.

Tags

ics-cert@hq.dhs.gov
CWE-22
2024-08-13
CVE-2024-6618

Product(s) Impacted

Dream Report

Description

In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL).

Weaknesses

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE ID: 22

Date

Published: Aug. 13, 2024, 5:15 p.m.

Last Modified: Aug. 13, 2024, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

ics-cert@hq.dhs.gov

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08
ics-cert@hq.dhs.gov