September 1, 2017 Karn Ganeshen

[ICS] Moxa SoftNVR-IA Live Viewer – Insecure Library Loading Allows Code Execution

[ICS] Moxa SoftNVR-IA Live Viewer Insecure Library Loading Allows Code Execution

Vendor: Moxa
Equipment: SoftNVR-IA Live Viewer
Vulnerability: Uncontrolled Search Path Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02

CVE-ID
CVE-2017-5170

AFFECTED PRODUCTS

The following versions of SoftNVR-IA Live Viewer, a video surveillance software designed for industrial automation systems, are affected:


BACKGROUND


IMPACT

Successful exploitation of this vulnerability may allow an attacker to execute code from a malicious DLL on the affected system with the same privileges as the user running the program.


VULNERABILITY OVERVIEW

UNCONTROLLED SEARCH PATH ELEMENT CWE-427
An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path.

By placing specific DLL file(s), an attacker is able to force the process to load an arbitrary DLL. This allows an attacker to execute arbitrary code in the context of the process when it is run.

CVE-2017-5170 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).

Missing Libraries

Application Executables (that look for missing DLL)

Steps to reproduce


Note:
Few DLLs are loaded when the application starts, while few are loaded when the application is exited. Thus, code execution can happen at the start or at exit time of the application run.

+++++

Tagged: , , , , , , ,