Lucene search

[email protected]CVE-2017-5147

HistorySep 09, 2017 - 1:29 a.m.

CVE-2017-5147

2017-09-0901:29:00

CWE-427

[email protected]

web.nvd.nist.gov

cve-2017-5147

azeotech daqfactory

uncontrolled search path

nvd

vulnerability

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.1%

JSON

An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path.

CPENameOperatorVersion
azeotech:daqfactoryazeotech daqfactoryle16.3

CPE	Name	Operator	Version
azeotech:daqfactory	azeotech daqfactory	le	16.3

References

www.securityfocus.com/bid/100522

ics-cert.us-cert.gov/advisories/ICSA-17-241-01

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for CVE-2017-5147

prion1 cvelist1 ics1