Vulnerabilities: Improper Access Control, Uncontrolled Search Path Element
Trihedral Engineering Limited reports that the vulnerability affects the following versions of the VTScada HMI and SCADA software:
- VTScada 11.3.03 and prior.
Critical Infrastructure Sectors: Chemical, Communications, Critical Manufacturing, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater Systems
Countries/Areas Deployed: North America, Europe
Company Headquarters Location: Canada
IMPROPER ACCESS CONTROL
A local, non-administrator user has privileges to read and write to the file system of the target machine.
The application is vulnerable to local privilege escalation. EVERYONE has FULL permissions over all the install files (*exe, *dll), therefore, it is possible for any local, authenticated, non-admin user to replace/modify original application files with malicious ones, and gain higher privileged access once an administrative user runs the application. Other vectors are possible as well.
CVE-2017-14031 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
UNCONTROLLED SEARCH PATH ELEMENT
The program will execute specially crafted malicious dll files placed on the target machine.
CVE-2017-14029 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.