exploitDog

CVE-2017-9648

Опубликовано: 14 авг. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.

Ссылки

http://www.securityfocus.com/bid/100264
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-03
Mitigation
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/100264
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-03
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solarcontrols:wattconfig_m:*:*:*:*:*:*:*:*

Версия до 2.5.10.1 (включая)

EPSS

Процентиль: 37%

0.00157

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-9f7m-7mgg-5x9p

CVSS3: 7.8

github

больше 3 лет назад

An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.

EPSS

Процентиль: 37%

0.00157

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-427