CVE-2017-6033

A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
schneider-electricinteractive_graphical_scada_system
𝑥
≤ 12.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-01
http://www.securityfocus.com/bid/97389
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-01
http://www.securityfocus.com/bid/97389
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01