Schneider Electric has an updated version of Zelio Soft 2 that mitigates a use-after-free vulnerability, according to a report from NCCIC.
Successful exploitation of this vulnerability, discovered by 9sg Security Team working with Trend Micro Zero Day Initiative (ZDI), could allow remote code execution through the opening of a specially crafted project file.
Zelio Soft 2, a programming platform, suffers from the remotely exploitable vulnerability in Versions 5.2 and prior.
A use after free vulnerability has been identified, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.
CVE-2019-6822 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.
The product is used mainly in the critical manufacturing sector and is deployed worldwide.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.
Schneider Electric said version 5.3 of the affected software mitigates the reported vulnerability.