CVE-2017-9648

HIGH

Solar Controls WATTConfig M <2.5.10.1 - Code Injection

Title source: llm

Description

An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100264

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-222-03

Scores

CVSS v3 7.8

EPSS 0.0016

EPSS Percentile 36.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Affected Products (1)

solarcontrols/wattconfig_m < 2.5.10.1

Timeline

Published Aug 14, 2017

Tracked Since Feb 18, 2026