← Back

CVE-2017-14010

nvd nist
Published: Apr 26, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.

Affected (1)

Spidercontrol
1 product
Scada Microbrowser
Configuration A
1 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Scada Microbrowser
Up to 1.6.30.144
Running on/withPlatform Versions
Microsoft
Windows 10
All versions
Microsoft
Windows 7
All versions
Microsoft
Windows 8
All versions
Microsoft
Windows Vista
All versions
Microsoft
Windows Xp
All versions

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (6)

Source: ics-cert@hq.dhs.gov
Patch
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
PatchThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.