Description
An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code.
References (2)
Core 2
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100263
Scores
CVSS v3
7.0
EPSS
0.0136
EPSS Percentile
68.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
simplight/scada
< 4.3.0.27
Published
Aug 14, 2017
Tracked Since
Feb 18, 2026