DLL Hijacking Vulnerability in Schneider Electric IGSS Software
CVE-2017-6033

7.8 HIGH

What is CVE-2017-6033?

A DLL hijacking vulnerability was identified in Schneider Electric's Interactive Graphical SCADA System (IGSS) Software. An attacker can exploit it by placing a malicious DLL file in a directory that is searched before the directory containing the legitimate DLL. When IGSS Software then attempts to load the legitimate DLL, it loads and executes the malicious version instead, potentially compromising the system. This can lead to unauthorized actions and a breach of system integrity, so users should apply the necessary security updates and follow best practices to mitigate the risk.

Affected Version(s)

Schneider Electric Interactive Graphical SCADA System Software

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
