CVE-2020-25245

Summary

A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM.

Affected Software

VendorProductVersion RangeStatus
SiemensDIGSI 4All versions < V4.94 SP1 HF 1affected

Weaknesses

  • CWE-276: CWE-276: Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

References