Lucene search

[email protected]NVD:CVE-2017-9646

HistoryAug 14, 2017 - 4:29 p.m.

CVE-2017-9646

2017-08-1416:29:00

CWE-427

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.7%

JSON

An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.

Affected configurations

Nvd

Node

solarcontrolsheating_control_downloaderRange≤1.0.1.15

VendorProductVersionCPE
solarcontrolsheating_control_downloader*cpe:2.3:a:solarcontrols:heating_control_downloader:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
solarcontrols	heating_control_downloader	*	cpe:2.3:a:solarcontrols:heating_control_downloader::::::::

References

www.securityfocus.com/bid/100261

ics-cert.us-cert.gov/advisories/ICSA-17-222-02

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.7%

JSON

Related for NVD:CVE-2017-9646

cvelist1 ics1 cve1 prion1