{"id":"CVE-2020-10626","details":"In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.","modified":"2026-04-11T12:24:03.601186Z","published":"2020-05-14T16:15:12.530Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"1.5.0.66"},{"last_affected":"1.5.2.28"},{"introduced":"1.6.0.39"},{"last_affected":"1.6.2.14"}]},{"cpe":"cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:1.7.0.64:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"1.7.0.64"}]}]},"references":[{"type":"ADVISORY","url":"https://www.us-cert.gov/ics/advisories/ICSA2012601"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fazecast/jserialcomm","events":[{"introduced":"0"},{"last_affected":"ddfe80828f7dde7a42cf7098ed3c20dba72b4c8c"}],"database_specific":{"cpe":"cpe:2.3:a:fazecast:jserialcomm:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"2.2.2"}]}}],"versions":["v2.0.2","v2.0.3","v2.1.0","v2.1.1","v2.2.1","v2.2.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10626.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}