Vulnerability Description
An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| I-Sens | Smartlog Diabetes Management Software | <= 2.4.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100659Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-01PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/100659Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-01PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-13993?
CVE-2017-13993 is a vulnerability with a CVSS score of 7.8 (HIGH). An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has bee...
How severe is CVE-2017-13993?
CVE-2017-13993 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-13993?
Check the references section above for vendor advisories and patch information. Affected products include: I-Sens Smartlog Diabetes Management Software.