CVE-2024-6618

Summary

In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL).

Affected Software

VendorProductVersion RangeStatus
Ocean Data SystemsDream Report 20230 <= 23.0.17795.1010affected
AVEVAReports for Operations23.0.17795.1010affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References