Sign-up

ID

VAR-201704-1594


TITLE

SCADA engine BACnetOPCServer has dll hijacking vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-04198

DESCRIPTION

The SCADA system is a data acquisition and monitoring control system. BACnetOPCServer is the server software of SCADA engine. The BACnSvrTest.exe component of the BACnetOPCServer software has a DLL hijacking vulnerability due to the insecure loading of library files. An attacker can construct a malicious application and place it in a specific path to make the application maliciously load the DLL and execute arbitrary commands. DLL , Execute any command

Trust: 0.72

sources: CNVD: CNVD-2017-04198 // IVD: d8c72433-e51b-4f53-b34f-df873cd4e910

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: d8c72433-e51b-4f53-b34f-df873cd4e910 // CNVD: CNVD-2017-04198

AFFECTED PRODUCTS

vendor:scadamodel:bacnetopcserverscope:eqversion:2.1.371.24

Trust: 0.8

sources: IVD: d8c72433-e51b-4f53-b34f-df873cd4e910 // CNVD: CNVD-2017-04198

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-04198
value: MEDIUM

Trust: 0.6

IVD: d8c72433-e51b-4f53-b34f-df873cd4e910
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2017-04198
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: d8c72433-e51b-4f53-b34f-df873cd4e910
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: d8c72433-e51b-4f53-b34f-df873cd4e910 // CNVD: CNVD-2017-04198

TYPE

Code injection

Trust: 0.2

sources: IVD: d8c72433-e51b-4f53-b34f-df873cd4e910

PATCH

title:SCADA engine BACnetOPCServer has dll hijacking vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/91557

Trust: 0.6

sources: CNVD: CNVD-2017-04198

EXTERNAL IDS

db:CNVDid:CNVD-2017-04198

Trust: 0.8

db:IVDid:D8C72433-E51B-4F53-B34F-DF873CD4E910

Trust: 0.2

sources: IVD: d8c72433-e51b-4f53-b34f-df873cd4e910 // CNVD: CNVD-2017-04198

SOURCES

db:IVDid:d8c72433-e51b-4f53-b34f-df873cd4e910
db:CNVDid:CNVD-2017-04198

LAST UPDATE DATE

2022-05-17T02:08:58.258000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-04198date:2017-05-10T00:00:00

SOURCES RELEASE DATE

db:IVDid:d8c72433-e51b-4f53-b34f-df873cd4e910date:2017-04-11T00:00:00
db:CNVDid:CNVD-2017-04198date:2017-05-20T00:00:00