CVE-2017-5161

{"id": "CVE-2017-5161", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.6}]}, "published": "2017-02-13T21:59:02.830", "references": [{"url": "http://www.securityfocus.com/bid/96119", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL."}, {"lang": "es", "value": "Ha sido descubierto un problema en Sielco Sistemi Software Winlog Lite SCADA Software, versiones anteriores a la Versi\u00f3n 3.02.01 y Winlog Pro SCADA Software, versiones anteriores a la Versi\u00f3n 3.02.01. Se ha identificado una vulnerabilidad no controlada del elemento de ruta de acceso de b\u00fasqueda (DLL Hijacking). La explotaci\u00f3n de esta vulnerabilidad podr\u00eda dar a un atacante acceso al sistema con el mismo nivel de privilegio que la aplicaci\u00f3n que utiliza la DLL maliciosa."}], "lastModified": "2017-03-15T17:44:08.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03372132-C2BD-471F-A2D0-3CE01A3BB432", "versionEndIncluding": "3.01.10"}, {"criteria": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BE1A9F0-0F59-4133-8876-16CF6936ACEC", "versionEndIncluding": "3.01.10"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}