September 1, 2017 localuser

[ICS] SIMPlight SCADA software – Insecure Library Loading Allows Code Execution

Vendor: SIMPlight
Equipment: SCADA Software
Vulnerability: Uncontrolled Search Path Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01

AFFECTED PRODUCTS

The following versions of SIMPlight SCADA software, software for building management systems and automated facilities, are affected:

SCADA SIMPLIGHT – simple and affordable solution to build process control, data acquisition and visualization of technological processes.

BACKGROUND

IMPACT
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

VULNERABILITY OVERVIEW

UNCONTROLLED SEARCH PATH ELEMENT CWE-427
An uncontrolled search path element vulnerability has been identified, which may allow malicious DLL files that have been placed within the search path to be executed.

By placing specific DLL file(s), an attacker is able to force the process to load an arbitrary DLL. This allows an attacker to execute arbitrary code in the context of the process when it is run.

CVE-2017-9661 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
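
As an added example (not part of the advisory or any vendor code), the following Python code shows one way to detect this class of flaw from image-load telemetry: it flags DLLs that the application process loads from outside a list of trusted directories, and unsigned DLLs inside them. The install path, executable name and sample events are constructed placeholders; the field names follow Sysmon Event ID 7.

```python
import ntpath

# Directories standard users cannot write to by default (assumed baseline).
TRUSTED_DIRS = (
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Windows\WinSxS",
    r"C:\Program Files\ExampleScada",  # placeholder install path, not from the advisory
)

def _under(path, root):
    """True if path is root itself or lies below it (case-insensitive)."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")

def classify(event):
    """Return a reason string if the image load deserves review, else None."""
    dll_dir = ntpath.dirname(event["ImageLoaded"])
    if not any(_under(dll_dir, t) for t in TRUSTED_DIRS):
        return "loaded from untrusted directory"
    if event["Signed"].lower() != "true":
        return "unsigned module in trusted directory"
    return None

def suspicious_loads(events, process_name):
    """Return (dll name, reason) for flagged loads by the named process."""
    hits = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != process_name.lower():
            continue
        reason = classify(ev)
        if reason:
            hits.append((ntpath.basename(ev["ImageLoaded"]), reason))
    return hits

# Constructed sample events; field names follow Sysmon Event ID 7 (image load).
APP = r"C:\Program Files\ExampleScada\app.exe"  # placeholder executable
SAMPLE = [
    {"Image": APP, "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": APP, "ImageLoaded": r"C:\Users\operator\Projects\plant1\plugin.dll", "Signed": "false"},
    {"Image": APP, "ImageLoaded": r"C:\Program Files\ExampleScada\helper.dll", "Signed": "false"},
    {"Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Users\operator\x.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for name, reason in suspicious_loads(SAMPLE, "app.exe"):
        print(f"{name}: {reason}")
```

TRUSTED_DIRS should contain only directories whose ACLs deny write access to standard users; verify the product's install directory before adding it.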

Missing Libraries

Application Executables (that look for missing DLL)

Steps to reproduce
