Vulnerability Description
An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarcontrols | Heating Control Downloader | <= 1.0.1.15 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100261Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-02MitigationThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/100261Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-02MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-9646?
CVE-2017-9646 is a vulnerability with a CVSS score of 7.8 (HIGH). An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified...
How severe is CVE-2017-9646?
CVE-2017-9646 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9646?
Check the references section above for vendor advisories and patch information. Affected products include: Solarcontrols Heating Control Downloader.