Vendor: Progea
Equipment: Movicon SCADA/HMI
Vulnerability: Uncontrolled Search Path Element, Unquoted Search Path or Element
ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01
CVE-ID
CVE-2017-14017
CVE-2017-14019
AFFECTED PRODUCTS
The following versions of Movicon HMI, an HMI software platform, are affected:
- Movicon Version 11.5.1181 and prior.
IMPACT
Successful exploitation of these vulnerabilities could allow privilege escalation or arbitrary code execution.
Read on for details.