- Description
- In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:spidercontrol:scada_microbrowser:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE60B541-01B0-404E-A17E-F3BC85B560EB",
"versionEndIncluding": "1.6.30.144"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7B960E10-B1BD-494E-9A52-3FCA90AD2D85"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]