AutomationDirect has fixes for an uncontrolled search path element vulnerability in its CLICK, C-More, C-More Micro, GS Drives, SL-Soft SOLO products, according to a report with ICS-CERT.

Successful exploitation of this vulnerability, discovered by Mark Cross of RIoT Solutions, could allow an attacker to execute arbitrary code on the system.

Schneider Clears InduSoft, InTouch Hole
Advantech Fixes WebAccess Holes
Siemens Fixes SIMATIC PCS 7 Issue
No Fixes for Outdated ABB FOX515T

The following AutomationDirect products suffer from the issue:
• CLICK Programming Software (Part Number C0-PGMSW) versions 2.10 and prior
• C-More Programming Software (Part Number EA9-PGMSW)  versions 6.30 and prior
• C-More Micro (Part Number EA-PGMSW) versions and prior
• GS Drives Configuration Software (Part Number GSOFT) versions 4.0.6 and prior
• SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) versions and prior

No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. In addition, an attacker would need high skill level to exploit the issue.

Schneider Bold

An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the malicious DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.

CVE-2017-14020 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.7.

The products see action in the commercial facilities, critical manufacturing and information technology sectors. They also see use on a global basis.

Cumming, GA-baed AutomationDirect created fixes for the following software:
• CLICK Programming Software: Version 2.11
• C-more Programming Software: Version 6.32
• C-more Micro Programming Software:  Version 4.21
• GS Drives: Version 4.0.7
• SL-Soft SOLO Configuration software: Version

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest

Share This