CVE-2023-6061

Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll
References
Link Resource
https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:iconics:iconics_suite:*:*:*:*:*:*:*:*

History

12 Dec 2023, 22:24

Type Values Removed Values Added
CWE CWE-427
CWE-426
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:iconics:iconics_suite:*:*:*:*:*:*:*:*
References () https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21 - () https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21 - Exploit, Third Party Advisory
First Time Iconics
Iconics iconics Suite

08 Dec 2023, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-08 00:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-6061

Mitre link : CVE-2023-6061

CVE.ORG link : CVE-2023-6061


JSON object : View

Products Affected

iconics

  • iconics_suite
CWE
CWE-426

Untrusted Search Path

CWE-427

Uncontrolled Search Path Element