Arbitrary code execution in Solar Controls WATTConfig M Software

Published: 2017-08-10 00:00:00 | Updated: 2017-08-15 10:40:05
Severity Low
Patch available NO
Number of vulnerabilities 1
CVE ID CVE-2017-9648
Exploitation vector Local
Public exploit Not available
Vulnerable software WATTConfig M Software
Vulnerable software versions WATTConfig M Software
WATTConfig M Software 2.5
WATTConfig M Software 2.4
Show more
Vendor URL Solar Controls

Security Advisory

1) Insecure DLL loading


The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to untrusted search path element. A local attacker can load a specially crafted .dll file, gain root access and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

External links

Back to List