Arbitrary code execution in Solar Controls Heating Control Downloader

Published: 2017-08-10 00:00:00 | Updated: 2017-08-15 10:22:12
Severity Low
Patch available NO
Number of vulnerabilities 1
CVSSv2 6.1 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:C)
CVSSv3 7.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE ID CVE-2017-9646
CWE ID CWE-426
Exploitation vector Local
Public exploit Not available
Vulnerable software Heating Control Downloader
Vulnerable software versions Heating Control Downloader 1.0.1
Heating Control Downloader 1.0.1.15
Vendor URL Solar Controls
Advisory type Public

Security Advisory

1) Insecure DLL loading

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to untrusted search path element. A local attacker can load a specially crafted .dll file, gain root access and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-17-222-02

Back to List