Описание
Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:
-
MMXFax.exe * winfax.dll
-
MelSim2ComProc.exe
-
Sim2ComProc.dll
-
MMXCall_in.exe * libdxxmt.dll
-
libsrlmt.dll
Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:
-
MMXFax.exe * winfax.dll
-
MelSim2ComProc.exe
-
Sim2ComProc.dll
-
MMXCall_in.exe * libdxxmt.dll
-
libsrlmt.dll
Связанные уязвимости
Rejected reason: This CVE ID has been rejected/withdrawn by its CVE Numbering Authority (Palo Alto Networks) based on discussions with Mitsubishi Electronics Corporation's PSIRT.
Уязвимость программного обеспечения для автоматизации, диспетчеризации и аналитики ICONICS Suite, связанная с использованием ненадёжного пути поиска, позволяющая нарушителю выполнить произвольный код