CVE-2017-14019 — MEDIUM (6.7)

Vulnerability Description

An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges.

CVSS Score

6.7

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Progea	Movicon	11.5.1181

Related Weaknesses (CWE)

CWE-428

References

http://www.securityfocus.com/bid/101483Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/101483Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2017-14019?

CVE-2017-14019 is a vulnerability with a CVSS score of 6.7 (MEDIUM). An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authoriz...

How severe is CVE-2017-14019?

CVE-2017-14019 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-14019?

Check the references section above for vendor advisories and patch information. Affected products include: Progea Movicon.