ID

VAR-201709-0615


CVE

CVE-2017-5147


TITLE

AzeoTech DAQFactory Uncontrolled search path element vulnerability

Trust: 0.8

sources: IVD: 93aca8ed-db66-4e65-9918-6da112ded248 // CNVD: CNVD-2017-23888

DESCRIPTION

An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path. AzeoTech DAQFactory Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AzeoTech DAQFactory is an HMI/SCADA software. AzeoTech DAQFactory is prone to multiple security vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications or bypass certain security restrictions and perform unauthorized actions. Versions prior to DAQFactory 17.1 are vulnerable

Trust: 2.61

sources: NVD: CVE-2017-5147 // JVNDB: JVNDB-2017-007912 // CNVD: CNVD-2017-23888 // BID: 100522 // IVD: 93aca8ed-db66-4e65-9918-6da112ded248

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 93aca8ed-db66-4e65-9918-6da112ded248 // CNVD: CNVD-2017-23888

AFFECTED PRODUCTS

vendor:azeotechmodel:daqfactoryscope:ltversion:17.1

Trust: 1.4

vendor:azeotechmodel:daqfactoryscope:lteversion:16.3

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:16.3

Trust: 0.9

vendor:azeotechmodel:daqfactoryscope:eqversion:5.91

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.90

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.86

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.85

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.84

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.83

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:16.2

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:16.1

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:neversion:17.1

Trust: 0.3

vendor:daqfactorymodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 93aca8ed-db66-4e65-9918-6da112ded248 // CNVD: CNVD-2017-23888 // BID: 100522 // JVNDB: JVNDB-2017-007912 // CNNVD: CNNVD-201709-088 // NVD: CVE-2017-5147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5147
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-5147
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-23888
value: LOW

Trust: 0.6

CNNVD: CNNVD-201709-088
value: MEDIUM

Trust: 0.6

IVD: 93aca8ed-db66-4e65-9918-6da112ded248
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2017-5147
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-23888
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 93aca8ed-db66-4e65-9918-6da112ded248
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-5147
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: IVD: 93aca8ed-db66-4e65-9918-6da112ded248 // CNVD: CNVD-2017-23888 // JVNDB: JVNDB-2017-007912 // CNNVD: CNNVD-201709-088 // NVD: CVE-2017-5147

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.8

sources: JVNDB: JVNDB-2017-007912 // NVD: CVE-2017-5147

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201709-088

TYPE

Code problem

Trust: 0.8

sources: IVD: 93aca8ed-db66-4e65-9918-6da112ded248 // CNNVD: CNNVD-201709-088

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007912

PATCH

title:Top Pageurl:http://www.azeotech.com/daqfactory.php

Trust: 0.8

title:AzeoTech DAQFactory Uncontrolled Search Path Element Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/101183

Trust: 0.6

title:AzeoTech DAQFactory Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74543

Trust: 0.6

sources: CNVD: CNVD-2017-23888 // JVNDB: JVNDB-2017-007912 // CNNVD: CNNVD-201709-088

EXTERNAL IDS

db:NVDid:CVE-2017-5147

Trust: 3.5

db:ICS CERTid:ICSA-17-241-01

Trust: 3.3

db:BIDid:100522

Trust: 1.9

db:CNVDid:CNVD-2017-23888

Trust: 0.8

db:CNNVDid:CNNVD-201709-088

Trust: 0.8

db:JVNDBid:JVNDB-2017-007912

Trust: 0.8

db:IVDid:93ACA8ED-DB66-4E65-9918-6DA112DED248

Trust: 0.2

sources: IVD: 93aca8ed-db66-4e65-9918-6da112ded248 // CNVD: CNVD-2017-23888 // BID: 100522 // JVNDB: JVNDB-2017-007912 // CNNVD: CNNVD-201709-088 // NVD: CVE-2017-5147

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-241-01

Trust: 3.3

url:http://www.securityfocus.com/bid/100522

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5147

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-5147

Trust: 0.8

url:http://www.azeotech.com/index.php

Trust: 0.3

url:https://www.azeotech.com/j/revision-history.html

Trust: 0.3

sources: CNVD: CNVD-2017-23888 // BID: 100522 // JVNDB: JVNDB-2017-007912 // CNNVD: CNNVD-201709-088 // NVD: CVE-2017-5147

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 100522

SOURCES

db:IVDid:93aca8ed-db66-4e65-9918-6da112ded248
db:CNVDid:CNVD-2017-23888
db:BIDid:100522
db:JVNDBid:JVNDB-2017-007912
db:CNNVDid:CNNVD-201709-088
db:NVDid:CVE-2017-5147

LAST UPDATE DATE

2025-04-20T23:25:57.095000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-23888date:2017-08-30T00:00:00
db:BIDid:100522date:2017-08-29T00:00:00
db:JVNDBid:JVNDB-2017-007912date:2017-10-04T00:00:00
db:CNNVDid:CNNVD-201709-088date:2019-10-17T00:00:00
db:NVDid:CVE-2017-5147date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:IVDid:93aca8ed-db66-4e65-9918-6da112ded248date:2017-08-30T00:00:00
db:CNVDid:CNVD-2017-23888date:2017-08-30T00:00:00
db:BIDid:100522date:2017-08-29T00:00:00
db:JVNDBid:JVNDB-2017-007912date:2017-10-04T00:00:00
db:CNNVDid:CNNVD-201709-088date:2017-08-29T00:00:00
db:NVDid:CVE-2017-5147date:2017-09-09T01:29:02.847