CVE-2017-6033

HIGH

Schneider-electric Interactive Graphi... - Uncontrolled Search Path

Title source: rule

Description

A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path.

References (3)

[Vendor Advisory] http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97389

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 44.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Affected Products (1)

schneider-electric/interactive_graphical_scada_system < 12.0

Timeline

Published Apr 07, 2017

Tracked Since Feb 18, 2026