CVE-2017-9661

HIGH

SIMPlight SCADA <4.3.0.27 - Code Injection

Title source: llm

Description

An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100263

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01

Scores

CVSS v3 7.0

EPSS 0.0026

EPSS Percentile 49.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Affected Products (1)

simplight/scada < 4.3.0.27

Timeline

Published Aug 14, 2017

Tracked Since Feb 18, 2026