CVE-2017-9646

{"id": "CVE-2017-9646", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-08-14T16:29:00.177", "references": [{"url": "http://www.securityfocus.com/bid/100261", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-02", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file."}, {"lang": "es", "value": "Se ha descubierto un problema de elemento de ruta de b\u00fasqueda no controlado en Solar Controls Heating Control Downloader (HCDownloader) versi\u00f3n 1.0.1.15 y anteriores. Se ha identificado un problema de elemento de ruta de b\u00fasqueda no controlado, lo que podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario en un sistema objetivo mediante un archivo DLL malicioso."}], "lastModified": "2017-08-24T18:44:20.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:solarcontrols:heating_control_downloader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AFDB908-9BF6-4091-B9F9-AAB5C81BF7AC", "versionEndIncluding": "1.0.1.15"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}