CVE-2024-3459

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-424
View all →

Vulnerability Description

KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.

Related Vulnerabilities

CVE-2019-18996

HIGH
CVSS:7.8(High)

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the loc...

CWE-4242019

CVE-2023-46176

HIGH
CVSS:7.8(High)

IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.

CWE-4242023

CVE-2019-18997

HIGH
CVSS:7.5(High)

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier pot...

CWE-4242019

CVE-2023-0629

HIGH
CVSS:7.1(High)

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux...

CWE-4242023

CVE-2023-52952

CRITICAL
CVSS:8.5(High)

A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMe...

CWE-4242023

CVE-2024-3460

HIGH
CVSS:7.0(High)

In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occur...

CWE-4242024