CVE-2017-7966Uncontrolled Search Path Element in Electric SE Somachine Hvac Programming Software

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.0%
top 23.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider Electric SE Somachine Hvac Programming SoftwareSchneider-electric Somachine
Timeline
PublishedJun 7
Latest updateMay 13

Description

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5schneider_electric_se/somachine_hvac_programming_softwarev2.1.0 for Modicon M171/M172 Controllers

🔴Vulnerability Details

2
GHSA
GHSA-7hr2-2p6f-7h25: A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v22022-05-13
CVEList
CVE-2017-7966: A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v22017-06-07
CVE-2017-7966 — Uncontrolled Search Path Element | cvebase