CVE-2017-14010 - Vulnerability Details - OpenCVE

In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 10 Windows 7 Windows 8 Windows Vista Windows Xp
Spidercontrol	Scada Microbrowser

Configuration 1 [-]

AND

cpe:2.3:a:spidercontrol:scada_microbrowser:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10::::::::
	cpe:2.3:o:microsoft:windows_7::::::::
	cpe:2.3:o:microsoft:windows_8::::::::
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_xp::::::::

No data.

References

Link	Providers
http://spidercontrol.net/download/downloadarea/?lang=en
http://www.securityfocus.com/bid/101505
https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-04-26T19:00:00Z

Updated: 2024-09-16T21:04:09.236Z

Reserved: 2017-08-30T00:00:00

Link: CVE-2017-14010

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-04-26T19:29:00.370

Modified: 2024-11-21T03:11:57.553

Link: CVE-2017-14010

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "MicroBrowser", "vendor": "SpiderControl", "versions": [{"status": "affected", "version": "MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior."}]}], "datePublic": "2017-10-19T00:00:00", "descriptions": [{"lang": "en", "value": "In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-04-27T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01"}, {"tags": ["x_refsource_MISC"], "url": "http://spidercontrol.net/download/downloadarea/?lang=en"}, {"name": "101505", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101505"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2017-10-19T00:00:00", "ID": "CVE-2017-14010", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MicroBrowser", "version": {"version_data": [{"version_value": "MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior."}]}}]}, "vendor_name": "SpiderControl"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01"}, {"name": "http://spidercontrol.net/download/downloadarea/?lang=en", "refsource": "MISC", "url": "http://spidercontrol.net/download/downloadarea/?lang=en"}, {"name": "101505", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101505"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:13:41.628Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://spidercontrol.net/download/downloadarea/?lang=en"}, {"name": "101505", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101505"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-14010", "datePublished": "2018-04-26T19:00:00Z", "dateReserved": "2017-08-30T00:00:00", "dateUpdated": "2024-09-16T21:04:09.236Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:spidercontrol:scada_microbrowser:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE60B541-01B0-404E-A17E-F3BC85B560EB", "versionEndIncluding": "1.6.30.144", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_8:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B960E10-B1BD-494E-9A52-3FCA90AD2D85", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system."}, {"lang": "es", "value": "En SpiderControl MicroBrowser en Windows XP, Vista 7, 8 y 10, en sus versiones 1.6.30.144 y anteriores, se ha identificado una vulnerabilidad no controlada del elemento de ruta de b\u00fasqueda que podr\u00eda explotarse colocando un archivo DLL especialmente manipulado en la ruta de b\u00fasqueda. Si el DLL malicioso se carga antes que el DLL v\u00e1lido, un atacante podr\u00eda ejecutar c\u00f3digo arbitrario en el sistema."}], "id": "CVE-2017-14010", "lastModified": "2024-11-21T03:11:57.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-26T19:29:00.370", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch"], "url": "http://spidercontrol.net/download/downloadarea/?lang=en"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101505"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://spidercontrol.net/download/downloadarea/?lang=en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101505"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}