DLL Hijacking Vulnerability in AutomationDirect Programming Software and Related Products
CVE-2017-14020

7.8HIGH

Key Information:

Vendor

Automationdirect

Status
Click Programming Software (part Number C0-pgmsw)
C-more Programming Software (part Number Ea9-pgmsw)
C-more Micro (part Number Ea-pgmsw)
Do-more Designer Software (part Number Dm-pgmsw)
Vendor
CVE Published:
13 November 2017

What is CVE-2017-14020?

An uncontrolled search path element vulnerability exists in various AutomationDirect programming software, including the CLICK, C-More, and DirectSOFT products. Attackers can exploit this vulnerability by renaming a malicious Dynamic Link Library (DLL) to match the expected criteria of the application. The application fails to validate the integrity of the loaded DLL, allowing the execution of arbitrary code with the same privileges as the application. This could lead to unauthorized actions and data breaches, emphasizing the need for prompt remediation and security best practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

C-More Micro (Part Number EA-PGMSW) 4.20.01.0 and prior

C-More Programming Software (Part Number EA9-PGMSW) 6.30 and prior

CLICK Programming Software (Part Number C0-PGMSW) 2.10 and prior

References

http://www.securityfocus.com/bid/101780
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-17-313-01
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.