CVE-2017-14017
Published: 2017-10-19
Priority: P3 39 | high | 7.8 (CVSS 3.0)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.67% (47.4th percentile)
An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progea | movicon | <= 11.5.1181 | — |
| progea_movicon_scada | hmi | — | — |
CVSS provenance
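| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |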
GHSA
GHSA-7xjq-r49q-hwq9 (ghsa_unreviewed · 2022-05-13)
CVE-2017-14017 [HIGH] CWE-427
CISA ICS
Progea Movicon SCADA/HMI
cisa_ics·2017-10-17
ICS Advisory
## Progea Movicon SCADA/HMI
Last Revised: October 17, 2017
Alert Code: ICSA-17-290-01
## CVSS v3 6.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Progea
Equipment: Movicon SCADA/HMI
Vulnerability: Uncontrolled Search Path Element, Unquoted Search Path or Element
## AFFECTED PRODUCTS
The following versions of Movicon HMI, an HMI software platform, are affected:
- Movicon Version 11.5.1181 and prior.
## IMPACT
Successful exploitation of these vulnerabilities could allow privilege escalation or arbitrary code execution.
## MITIGATION
Progea has not provide
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-10-19