cve-2017-7966
Vulnerability from cvelistv5
Published
2017-06-07 19:00
Modified
2024-08-05 16:19
Severity ?
EPSS score ?
Summary
A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02/ | Vendor Advisory | |
cybersecurity@se.com | http://www.securityfocus.com/bid/98446 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98446 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Schneider Electric SE | SoMachine HVAC Programming Software |
Version: v2.1.0 for Modicon M171/M172 Controllers |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:19:29.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02/" }, { "name": "98446", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98446" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SoMachine HVAC Programming Software", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "v2.1.0 for Modicon M171/M172 Controllers" } ] } ], "datePublic": "2017-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A DLL Hijacking vulnerability in the programming software in Schneider Electric\u0027s SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL." } ], "problemTypes": [ { "descriptions": [ { "description": "DLL Hijacking", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-08T09:57:01", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02/" }, { "name": "98446", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98446" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2017-7966", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SoMachine HVAC Programming Software", "version": { "version_data": [ { "version_value": "v2.1.0 for Modicon M171/M172 Controllers" } ] } } ] }, "vendor_name": "Schneider Electric SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A DLL Hijacking vulnerability in the programming software in Schneider Electric\u0027s SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "DLL Hijacking" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02/", "refsource": "CONFIRM", "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02/" }, { "name": "98446", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98446" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2017-7966", "datePublished": "2017-06-07T19:00:00", "dateReserved": "2017-04-19T00:00:00", "dateUpdated": "2024-08-05T16:19:29.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-7966\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2017-06-07T19:29:00.227\",\"lastModified\":\"2024-11-21T03:33:03.770\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A DLL Hijacking vulnerability in the programming software in Schneider Electric\u0027s SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de secuestro de DLL en el software de programaci\u00f3n de SoMachine HVAC versi\u00f3n v2.1.0 de Schneider Electric, permite que un atacante remoto ejecute c\u00f3digo arbitrario en el sistema apuntado. La vulnerabilidad existe debido a la carga inapropiada de una DLL.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:somachine:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20558BC2-6E75-4CA5-81AD-27652926A17A\"}]}]}],\"references\":[{\"url\":\"http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98446\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98446\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.