An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Modbus_serial_driver | Schneider-electric | * | 3.17 (including) |