Vulnerability Description
An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simplight | Scada | <= 4.3.0.27 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100263Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01MitigationThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/100263Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-9661?
CVE-2017-9661 is a vulnerability with a CVSS score of 7.0 (HIGH). An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow...
How severe is CVE-2017-9661?
CVE-2017-9661 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9661?
Check the references section above for vendor advisories and patch information. Affected products include: Simplight Scada.