CVE-2024-1595 HIGH

CVE-2024-1595: Delta Electronics CNCSoft-B DOPSoft Uncontrolled Search Path Element

Vendor Delta Electronics
Product CNCSoft-B v1.0.0.4 DOPSoft
Weakness CWE-427
Published February 29, 2024
Last update August 22, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.

Key dates

02Disclosure timeline

February 29, 2024 CVE published
August 22, 2024 Record updated