CVE-2017-5147
published 2017-09-09CVE-2017-5147: An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has…
PriorityP422medium5.3CVSS 3.0
AVLACLPRLUINSUCLILAL
EPSS
0.34%
25.5th percentile
An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| azeotech | daqfactory | <= 16.3 | — |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p772-97pf-8hmx: An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17
ghsa_unreviewed·2022-05-13
CVE-2017-5147 [MEDIUM] CWE-427 GHSA-p772-97pf-8hmx: An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17
An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path.
CISA ICS
AzeoTech DAQFactory
cisa_ics·2017-08-29
AzeoTech DAQFactory
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
AzeoTech DAQFactory
Last RevisedAugust 29, 2017
Alert CodeICSA-17-241-01
## CVSS v3 7.1
ATTENTION: Local access and user-level privileges are required to exploit these vulnerabilities
Vendor: AzeoTech
Equipment: DAQFactory
Vulnerabilities: Incorrect Default Permissions, Uncontrolled Search Path Element
## AFFECTED PRODUCTS
AzeoTech reports that the vulnerabilities affect the following versions of DAQFactory HMI:
- DAQFactory versions prior to 17.1
## IMPACT
Successful exploitation of these vulnerabilities could allow authenticated system users to escalate their privilege
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-09-09
Published