Lucene search

K
cve[email protected]CVE-2017-5161
HistoryFeb 13, 2017 - 9:59 p.m.

CVE-2017-5161

2017-02-1321:59:02
CWE-427
web.nvd.nist.gov
26
sielco sistemi
winlog lite
winlog pro
scada software
dll hijacking
vulnerability
exploitation
nvd
cve-2017-5161

7.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.4%

An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.

Affected configurations

NVD
Node
sielcosistemiwinlog_liteRange3.01.10
OR
sielcosistemiwinlog_proRange3.01.10

CNA Affected

[
  {
    "product": "Sielco Sistemi Winlog SCADA Software prior to Version 3.02.01",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Sielco Sistemi Winlog SCADA Software prior to Version 3.02.01"
      }
    ]
  }
]

7.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.4%

Related for CVE-2017-5161