Tag: DLL hijacking

security advisory

[ICS] BLF-Tech LLC VisualView HMI Software – Insecure Library Loading Allows Code Execution

ICS-CERT published an advisory on one of my reports last month –
https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01

BLF-Tech LLC VisualView HMI Insecure Library Loading Allows Code Execution

Vendor: BLF-Tech LLC
Equipment: VisualView HMI Software
Vulnerability: Uncontrolled Search Path Element

security advisory

[ICS] Schneider Electric Interactive Graphical SCADA System Software – Insecure Library Loading Allows Code Execution

ICS-CERT published an advisory on one of my reports last month –
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01

Schneider Electric Interactive Graphical SCADA System Software – Insecure Library Loading Allows Code Execution

Vendor: Schneider Electric
Equipment: Interactive Graphical SCADA System Software [IGSS]
Vulnerability: Uncontrolled Search Path Element

Read on for details.

security advisory

Rapid7 AppSpider vulnerabilities

Recently, I checked out Rapid7’s AppSpider Web Application Testing software. It is a Windows based application, and the demo version is available for anyone to play with.

I found 2 vulnerabilities in AppSpider – DLL Pre-loading & Buffer overflow – which I then reported privately to R7 team. The folks at Rapid7 confirmed my reports and released the CVE-ID# & fixed versions shortly after.

Here’s the writeup from Rapid7 Release Announcement:

* Updated nginx.exe to utilize Microsoft Security Advisory on remote code execution. Windows 7, Windows Server 2008 R2, Windows Vista and Windows Server 2008: KB2533623 must be installed on the target platform. Resolves -CVE-2017-5236
* Resolved buffer over flow crash in the AppSpider command line tool for inputs. Resolves -CVE-2017-5240

Read on for more details.

security advisory

[ICS] Sielco Sistemi Winlog SCADA Software – Insecure Library Loading Allows Code Execution

ICS-CERT published an advisory on one of my reports last month –
https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01

Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution

Vendor: Sielco Sistemi
Equipment: Winlog SCADA Software
Vulnerability: Uncontrolled Search Path Element

security advisory

PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution

This vulnerability can allow attackers to execute arbitrary code on vulnerable installations of pgAdmin4 software. pgAdmin4 is a GUI application for database server administration, and comes packaged with PostgreSQL package.

User interaction is required to exploit this vulnerability in that the malicious dll file(s) should be saved in any of the DLL search paths.

Confirmed on products
pgAdmin4 v1.1: Current version packaged with PostgreSQL v9.6.1.1 (Windows x86 Current version)