CVE-2017-14017

HIGH

Progea Movicon <11.5.1181 - Code Injection

Title source: llm

Description

An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101483

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01

Scores

CVSS v3 7.8

EPSS 0.0033

EPSS Percentile 55.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Affected Products (1)

progea/movicon < 11.5.1181

Timeline

Published Oct 19, 2017

Tracked Since Feb 18, 2026