CVE-2024-0770 - Vulnerability Details - OpenCVE

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Echa.europa	Iuclid
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:echa.europa:iuclid:7.10.3:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://imagebin.ca/v/7nx8zv3l62Kf
https://vuldb.com/?ctiid.251670
https://vuldb.com/?id.251670

History

Fri, 30 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-01-21T23:00:05.982Z

Updated: 2025-05-30T14:23:45.300Z

Reserved: 2024-01-21T09:07:24.291Z

Link: CVE-2024-0770

Vulnrichment

Updated: 2024-08-01T18:18:18.456Z

NVD

Status : Modified

Published: 2024-01-21T23:15:44.273

Modified: 2024-11-21T08:47:20.020

Link: CVE-2024-0770

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0770", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-21T09:07:24.291Z", "datePublished": "2024-01-21T23:00:05.982Z", "dateUpdated": "2025-05-30T14:23:45.300Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-01-21T23:00:05.982Z"}, "title": "European Chemicals Agency IUCLID Desktop Installer iuclid6.exe default permission", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "affected": [{"vendor": "European Chemicals Agency", "product": "IUCLID", "versions": [{"version": "7.10.3", "status": "affected"}], "modules": ["Desktop Installer"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in European Chemicals Agency IUCLID 7.10.3 f\u00fcr Windows gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei iuclid6.exe der Komponente Desktop Installer. Dank Manipulation mit unbekannten Daten kann eine incorrect default permissions-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P"}}], "timeline": [{"time": "2024-01-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-21T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-21T19:21:12.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Andrea Intilangelo", "type": "finder"}, {"lang": "en", "value": "acme (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.251670", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.251670", "tags": ["signature", "permissions-required"]}, {"url": "https://imagebin.ca/v/7nx8zv3l62Kf", "tags": ["related"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.456Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.251670", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.251670", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://imagebin.ca/v/7nx8zv3l62Kf", "tags": ["related", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T20:11:31.582662Z", "id": "CVE-2024-0770", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T14:23:45.300Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.251670", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.251670", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://imagebin.ca/v/7nx8zv3l62Kf", "tags": ["related", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.456Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0770", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-08T20:11:31.582662Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T18:40:36.179Z"}}], "cna": {"title": "European Chemicals Agency IUCLID Desktop Installer iuclid6.exe default permission", "credits": [{"lang": "en", "type": "finder", "value": "Andrea Intilangelo"}, {"lang": "en", "type": "reporter", "value": "acme (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P"}}], "affected": [{"vendor": "European Chemicals Agency", "modules": ["Desktop Installer"], "product": "IUCLID", "versions": [{"status": "affected", "version": "7.10.3"}]}], "timeline": [{"lang": "en", "time": "2024-01-21T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-01-21T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-01-21T19:21:12.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.251670", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.251670", "tags": ["signature", "permissions-required"]}, {"url": "https://imagebin.ca/v/7nx8zv3l62Kf", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in European Chemicals Agency IUCLID 7.10.3 f\u00fcr Windows gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei iuclid6.exe der Komponente Desktop Installer. Dank Manipulation mit unbekannten Daten kann eine incorrect default permissions-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-01-21T23:00:05.982Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0770", "state": "PUBLISHED", "dateUpdated": "2025-05-30T14:23:45.300Z", "dateReserved": "2024-01-21T09:07:24.291Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-01-21T23:00:05.982Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:echa.europa:iuclid:7.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0EF040E-347D-423A-9981-B9AC90E7BD39", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en European Chemicals Agency IUCLID 7.10.3 en Windows y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo iuclid6.exe del componente Desktop Installer es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a permisos predeterminados incorrectos. El ataque debe abordarse localmente. VDB-251670 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-0770", "lastModified": "2024-11-21T08:47:20.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-21T23:15:44.273", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://imagebin.ca/v/7nx8zv3l62Kf"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.251670"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.251670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://imagebin.ca/v/7nx8zv3l62Kf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.251670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.251670"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "cna@vuldb.com", "type": "Secondary"}]}