CVE-2017-5161
HIGHSielco Sistemi Winlog Lite SCADA Software <3.02.01 - DLL Hijacking
Title source: llmDescription
An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96119
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01
Scores
CVSS v3
7.2
EPSS
0.0094
EPSS Percentile
56.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (3)
n/a/Sielco Sistemi Winlog SCADA Software prior to Version 3.02.01
Sielco Sistemi Winlog SCADA Software prior to Version 3.02.01
sielcosistemi/winlog_lite
< 3.01.10
sielcosistemi/winlog_pro
< 3.01.10
Published
Feb 13, 2017
Tracked Since
Feb 18, 2026