CVE-2017-5161

HIGH

Sielco Sistemi Winlog Lite SCADA Software <3.02.01 - DLL Hijacking

Title source: llm

Description

An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96119

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01

Scores

CVSS v3 7.2

EPSS 0.0012

EPSS Percentile 30.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Affected Products (2)

sielcosistemi/winlog_lite < 3.01.10

sielcosistemi/winlog_pro < 3.01.10

Timeline

Published Feb 13, 2017

Tracked Since Feb 18, 2026