Sign-up

ID

VAR-201701-1142


TITLE

Scada-os Configuration Software dll Hijacking vulnerability

Trust: 0.8

sources: IVD: 9c00b987-57e6-4a46-b907-bbb644d2c47a // CNVD: CNVD-2017-00694

DESCRIPTION

Scada-os is a SCADA system developed by multiple SCADA configuration software engineers. The TsStudio.exe component of the Scada-os configuration software unsafely loads the library file. An attacker can construct a malicious application and place it in a specific path, which can cause the application to maliciously load a DLL and execute it. DLL And execute

Trust: 0.72

sources: CNVD: CNVD-2017-00694 // IVD: 9c00b987-57e6-4a46-b907-bbb644d2c47a

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 9c00b987-57e6-4a46-b907-bbb644d2c47a // CNVD: CNVD-2017-00694

AFFECTED PRODUCTS

vendor:scada osmodel:scada-os configuration softwarescope:eqversion:6.1.0.0

Trust: 0.8

sources: IVD: 9c00b987-57e6-4a46-b907-bbb644d2c47a // CNVD: CNVD-2017-00694

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-00694
value: MEDIUM

Trust: 0.6

IVD: 9c00b987-57e6-4a46-b907-bbb644d2c47a
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2017-00694
severity: MEDIUM
baseScore: 6.3
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9c00b987-57e6-4a46-b907-bbb644d2c47a
severity: MEDIUM
baseScore: 6.3
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 9c00b987-57e6-4a46-b907-bbb644d2c47a // CNVD: CNVD-2017-00694

TYPE

Code injection

Trust: 0.2

sources: IVD: 9c00b987-57e6-4a46-b907-bbb644d2c47a

PATCH

title:Scada-os configuration software has dll hijacking vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/88135

Trust: 0.6

sources: CNVD: CNVD-2017-00694

EXTERNAL IDS

db:CNVDid:CNVD-2017-00694

Trust: 0.8

db:IVDid:9C00B987-57E6-4A46-B907-BBB644D2C47A

Trust: 0.2

sources: IVD: 9c00b987-57e6-4a46-b907-bbb644d2c47a // CNVD: CNVD-2017-00694

SOURCES

db:IVDid:9c00b987-57e6-4a46-b907-bbb644d2c47a
db:CNVDid:CNVD-2017-00694

LAST UPDATE DATE

2022-05-17T02:07:06.499000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-00694date:2017-01-23T00:00:00

SOURCES RELEASE DATE

db:IVDid:9c00b987-57e6-4a46-b907-bbb644d2c47adate:2017-01-22T00:00:00
db:CNVDid:CNVD-2017-00694date:2017-03-06T00:00:00