Details of VAR-201711-0410

ID

VAR-201711-0410

CVE

CVE-2017-14020

TITLE

plural AutomationDirect Uncontrolled search path element vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2017-010444

DESCRIPTION

In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. plural AutomationDirect The product is vulnerable to an uncontrolled search path element.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. AutomationDirect is the world's largest PLC design and production company. An attacker would need administrative access to the default installation location to install a malicious DLL. Multiple AutomationDirect Products are prone to local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. A local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. are all products of American AutomationDirect. Several AutomationDirect products have DLL hijacking vulnerabilities

Trust: 2.7

sources: NVD: CVE-2017-14020 // JVNDB: JVNDB-2017-010444 // CNVD: CNVD-2017-33807 // BID: 101780 // IVD: 579caf4e-6fe9-4eec-bca4-7f3e62f9ff08 // VULHUB: VHN-104701

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 579caf4e-6fe9-4eec-bca4-7f3e62f9ff08 // CNVD: CNVD-2017-33807

AFFECTED PRODUCTS

vendor:	automationdirect	model:	sl-soft solo temperature controller	scope:	lte	version:	1.1.0.5	Trust: 1.0
vendor:	automationdirect	model:	click plc	scope:	lte	version:	2.10	Trust: 1.0
vendor:	automationdirect	model:	c-more micro	scope:	lte	version:	4.20.01.0	Trust: 1.0
vendor:	automationdirect	model:	gs drives fimware	scope:	lte	version:	4.0.6	Trust: 1.0
vendor:	automationdirect	model:	c-more plc	scope:	lte	version:	6.30	Trust: 1.0
vendor:	automationdirect	model:	c-more micro	scope:	eq	version:	4.20.01.0	Trust: 0.9
vendor:	automationdirect	model:	c-more micro	scope:	lte	version:	(part number ea-pgmsw) 4.20.01.0	Trust: 0.8
vendor:	automationdirect	model:	c-more programming software	scope:	lte	version:	(part number ea9-pgmsw) 6.30	Trust: 0.8
vendor:	automationdirect	model:	click programming software	scope:	lte	version:	(part number c0-pgmsw) 2.10	Trust: 0.8
vendor:	automationdirect	model:	gs drives configuration software	scope:	lte	version:	(part number gsoft) 4.0.6	Trust: 0.8
vendor:	automationdirect	model:	sl-soft solo temperature controller configuration software	scope:	lte	version:	(part number sl-soft) 1.1.0.5	Trust: 0.8
vendor:	automationdirect	model:	click	scope:	lte	version:	<=2.10	Trust: 0.6
vendor:	automationdirect	model:	c-more	scope:	lte	version:	<=6.30	Trust: 0.6
vendor:	automationdirect	model:	c-more micro	scope:	lte	version:	<=4.20.01.0	Trust: 0.6
vendor:	automationdirect	model:	gs drives	scope:	lte	version:	<=4.0.6	Trust: 0.6
vendor:	automationdirect	model:	sl-soft solo	scope:	lte	version:	<=1.1.0.5	Trust: 0.6
vendor:	automationdirect	model:	sl-soft solo temperature controller	scope:	eq	version:	1.1.0.5	Trust: 0.6
vendor:	automationdirect	model:	c-more plc	scope:	eq	version:	6.30	Trust: 0.6
vendor:	automationdirect	model:	gs drives fimware	scope:	eq	version:	4.0.6	Trust: 0.6
vendor:	automationdirect	model:	click plc	scope:	eq	version:	2.10	Trust: 0.6
vendor:	automationdirect	model:	sl-soft solo	scope:	eq	version:	1.1.0.5	Trust: 0.3
vendor:	automationdirect	model:	gs drives configuration software	scope:	eq	version:	4.0.6	Trust: 0.3
vendor:	automationdirect	model:	click programming software	scope:	eq	version:	2.10	Trust: 0.3
vendor:	automationdirect	model:	c-more programming software	scope:	eq	version:	6.30	Trust: 0.3
vendor:	automationdirect	model:	sl-soft solo	scope:	ne	version:	1.1.0.6	Trust: 0.3
vendor:	automationdirect	model:	gs drives configuration software	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	automationdirect	model:	click programming software	scope:	ne	version:	2.11	Trust: 0.3
vendor:	automationdirect	model:	c-more programming software	scope:	ne	version:	6.32	Trust: 0.3
vendor:	automationdirect	model:	c-more micro	scope:	ne	version:	4.21	Trust: 0.3
vendor:	click plc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	c more plc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	c more micro	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	gs drives fimware	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	sl soft solo temperature controller	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 579caf4e-6fe9-4eec-bca4-7f3e62f9ff08 // CNVD: CNVD-2017-33807 // BID: 101780 // JVNDB: JVNDB-2017-010444 // CNNVD: CNNVD-201708-1255 // NVD: CVE-2017-14020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-14020
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-14020
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-33807
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-1255
value:	CRITICAL
Trust: 0.6
IVD:	579caf4e-6fe9-4eec-bca4-7f3e62f9ff08
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-104701
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-14020
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-33807
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	579caf4e-6fe9-4eec-bca4-7f3e62f9ff08
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-104701
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-14020
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 579caf4e-6fe9-4eec-bca4-7f3e62f9ff08 // CNVD: CNVD-2017-33807 // VULHUB: VHN-104701 // JVNDB: JVNDB-2017-010444 // CNNVD: CNNVD-201708-1255 // NVD: CVE-2017-14020

PROBLEMTYPE DATA

problemtype:

CWE-427

Trust: 1.9

sources: VULHUB: VHN-104701 // JVNDB: JVNDB-2017-010444 // NVD: CVE-2017-14020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1255

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-1255

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010444

PATCH

title:	C-more Micro Panels Support Resources	url:	http://support.automationdirect.com/products/cmoremicro.html	Trust: 0.8
title:	GSoft Support Resources	url:	http://support.automationdirect.com/products/gsoft.html	Trust: 0.8
title:	SOLO Temperature Controllers Support Resources	url:	http://support.automationdirect.com/products/solo.html	Trust: 0.8
title:	CLICK PLC Support Resources	url:	http://support.automationdirect.com/products/clickplcs.html	Trust: 0.8
title:	C-More Support Resources	url:	http://support.automationdirect.com/products/cmore.html	Trust: 0.8
title:	AutomationDirect multiple product DLL hijacked patch	url:	https://www.cnvd.org.cn/patchInfo/show/106012	Trust: 0.6
title:	Multiple AutomationDirect Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76097	Trust: 0.6

sources: CNVD: CNVD-2017-33807 // JVNDB: JVNDB-2017-010444 // CNNVD: CNNVD-201708-1255

EXTERNAL IDS

db:	NVD	id:	CVE-2017-14020	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-313-01	Trust: 2.6
db:	BID	id:	101780	Trust: 1.4
db:	CNNVD	id:	CNNVD-201708-1255	Trust: 0.9
db:	CNVD	id:	CNVD-2017-33807	Trust: 0.8
db:	ICS CERT	id:	ICSA-17-313-01A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-010444	Trust: 0.8
db:	IVD	id:	579CAF4E-6FE9-4EEC-BCA4-7F3E62F9FF08	Trust: 0.2
db:	VULHUB	id:	VHN-104701	Trust: 0.1

sources: IVD: 579caf4e-6fe9-4eec-bca4-7f3e62f9ff08 // CNVD: CNVD-2017-33807 // VULHUB: VHN-104701 // BID: 101780 // JVNDB: JVNDB-2017-010444 // CNNVD: CNNVD-201708-1255 // NVD: CVE-2017-14020

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-313-01	Trust: 2.6
url:	http://www.securityfocus.com/bid/101780	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14020	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-313-01a	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14020	Trust: 0.8

sources: CNVD: CNVD-2017-33807 // VULHUB: VHN-104701 // BID: 101780 // JVNDB: JVNDB-2017-010444 // CNNVD: CNNVD-201708-1255 // NVD: CVE-2017-14020

CREDITS

Mark Cross of RIoT Solutions

Trust: 0.6

sources: CNNVD: CNNVD-201708-1255

SOURCES

db:	IVD	id:	579caf4e-6fe9-4eec-bca4-7f3e62f9ff08
db:	CNVD	id:	CNVD-2017-33807
db:	VULHUB	id:	VHN-104701
db:	BID	id:	101780
db:	JVNDB	id:	JVNDB-2017-010444
db:	CNNVD	id:	CNNVD-201708-1255
db:	NVD	id:	CVE-2017-14020

LAST UPDATE DATE

2025-04-20T23:37:46.699000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-33807	date:	2017-11-14T00:00:00
db:	VULHUB	id:	VHN-104701	date:	2018-08-01T00:00:00
db:	BID	id:	101780	date:	2017-12-19T21:00:00
db:	JVNDB	id:	JVNDB-2017-010444	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201708-1255	date:	2017-11-13T00:00:00
db:	NVD	id:	CVE-2017-14020	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	579caf4e-6fe9-4eec-bca4-7f3e62f9ff08	date:	2017-11-14T00:00:00
db:	CNVD	id:	CNVD-2017-33807	date:	2017-11-14T00:00:00
db:	VULHUB	id:	VHN-104701	date:	2017-11-13T00:00:00
db:	BID	id:	101780	date:	2017-11-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-010444	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201708-1255	date:	2017-11-09T00:00:00
db:	NVD	id:	CVE-2017-14020	date:	2017-11-13T20:29:00.257