ID

VAR-201708-1400


CVE

CVE-2017-9646


TITLE

Solar Controls Heating Control Downloader DLL Load Local Code Execution Vulnerability

Trust: 0.8

sources: IVD: 9d8f24b6-d968-4ac4-9677-d87844281234 // CNVD: CNVD-2017-22808

DESCRIPTION

An Uncontrolled Search Path Element issue (CWE-427) was discovered in Solar Controls Heating Control Downloader (HCDownloader) version 1.0.1.15 and prior. The uncontrolled search path element could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.

Trust: 2.61

sources: NVD: CVE-2017-9646 // JVNDB: JVNDB-2017-007176 // CNVD: CNVD-2017-22808 // BID: 100261 // IVD: 9d8f24b6-d968-4ac4-9677-d87844281234

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 9d8f24b6-d968-4ac4-9677-d87844281234 // CNVD: CNVD-2017-22808

AFFECTED PRODUCTS

vendor: solarcontrols, model: heating control downloader, scope: lte, version: 1.0.1.15

Trust: 1.0

vendor: solar controls s r o, model: heating control downloader, scope: lte, version: 1.0.1.15

Trust: 0.8

vendor: solar, model: controls hc downloader, scope: lte, version: <=1.0.1.15

Trust: 0.6

vendor: solarcontrols, model: heating control downloader, scope: eq, version: 1.0.1.15

Trust: 0.6

vendor: solar, model: controls hc downloader, scope: eq, version: 1.0.1

Trust: 0.3

vendor: solar, model: controls hc downloader, scope: ne, version: 1.0.1.15

Trust: 0.3

vendor: heating control downloader, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 9d8f24b6-d968-4ac4-9677-d87844281234 // CNVD: CNVD-2017-22808 // BID: 100261 // JVNDB: JVNDB-2017-007176 // CNNVD: CNNVD-201706-591 // NVD: CVE-2017-9646

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9646
value: HIGH

Trust: 1.0

NVD: CVE-2017-9646
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-22808
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-591
value: CRITICAL

Trust: 0.6

IVD: 9d8f24b6-d968-4ac4-9677-d87844281234
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2017-9646
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-22808
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9d8f24b6-d968-4ac4-9677-d87844281234
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-9646
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 9d8f24b6-d968-4ac4-9677-d87844281234 // CNVD: CNVD-2017-22808 // JVNDB: JVNDB-2017-007176 // CNNVD: CNNVD-201706-591 // NVD: CVE-2017-9646

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.8

sources: JVNDB: JVNDB-2017-007176 // NVD: CVE-2017-9646

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-591

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201706-591

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007176

PATCH

title: Top Page, url: http://www.solarcontrols.cz/

Trust: 0.8

sources: JVNDB: JVNDB-2017-007176

EXTERNAL IDS

db: NVD, id: CVE-2017-9646

Trust: 3.5

db: ICS CERT, id: ICSA-17-222-02

Trust: 3.3

db: BID, id: 100261

Trust: 1.3

db: CNVD, id: CNVD-2017-22808

Trust: 0.8

db: CNNVD, id: CNNVD-201706-591

Trust: 0.8

db: JVNDB, id: JVNDB-2017-007176

Trust: 0.8

db: IVD, id: 9D8F24B6-D968-4AC4-9677-D87844281234

Trust: 0.2

sources: IVD: 9d8f24b6-d968-4ac4-9677-d87844281234 // CNVD: CNVD-2017-22808 // BID: 100261 // JVNDB: JVNDB-2017-007176 // CNNVD: CNNVD-201706-591 // NVD: CVE-2017-9646

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-222-02

Trust: 3.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-9646

Trust: 1.4

url:http://www.securityfocus.com/bid/100261

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9646

Trust: 0.8

url:http://www.solarcontrols.cz/en/update_heating_control.html

Trust: 0.3

sources: CNVD: CNVD-2017-22808 // BID: 100261 // JVNDB: JVNDB-2017-007176 // CNNVD: CNNVD-201706-591 // NVD: CVE-2017-9646

CREDITS

Karn Ganeshen

Trust: 0.3

sources: BID: 100261

SOURCES

db: IVD, id: 9d8f24b6-d968-4ac4-9677-d87844281234
db: CNVD, id: CNVD-2017-22808
db: BID, id: 100261
db: JVNDB, id: JVNDB-2017-007176
db: CNNVD, id: CNNVD-201706-591
db: NVD, id: CVE-2017-9646

LAST UPDATE DATE

2025-04-20T23:42:57.751000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-22808, date: 2017-08-25T00:00:00
db: BID, id: 100261, date: 2017-08-10T00:00:00
db: JVNDB, id: JVNDB-2017-007176, date: 2017-09-13T00:00:00
db: CNNVD, id: CNNVD-201706-591, date: 2017-08-15T00:00:00
db: NVD, id: CVE-2017-9646, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD, id: 9d8f24b6-d968-4ac4-9677-d87844281234, date: 2017-08-25T00:00:00
db: CNVD, id: CNVD-2017-22808, date: 2017-08-25T00:00:00
db: BID, id: 100261, date: 2017-08-10T00:00:00
db: JVNDB, id: JVNDB-2017-007176, date: 2017-09-13T00:00:00
db: CNNVD, id: CNNVD-201706-591, date: 2017-06-15T00:00:00
db: NVD, id: CVE-2017-9646, date: 2017-08-14T16:29:00.177