CVE-2017-9646
HIGHSolar Controls HCDownloader <1.0.1.15 - Code Injection
Title source: llmDescription
An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
References (2)
Core 2
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-02
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100261
Scores
CVSS v3
7.8
EPSS
0.0176
EPSS Percentile
75.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
solarcontrols/heating_control_downloader
< 1.0.1.15
Published
Aug 14, 2017
Tracked Since
Feb 18, 2026