CVE-2017-5161
Published Feb 13, 2017
Last updated 8 years ago
Overview
- Description
- An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 6
- Exploitability score
- 0.6
- Vector string
- CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-427
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03372132-C2BD-471F-A2D0-3CE01A3BB432",
"versionEndIncluding": "3.01.10"
},
{
"criteria": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BE1A9F0-0F59-4133-8876-16CF6936ACEC",
"versionEndIncluding": "3.01.10"
}
],
"operator": "OR"
}
]
}
]