Hole in Solar Controls HC DownloaderSolar Controls Heating Control Downloader (HCDownloader) product is suffering from an uncontrolled search path element and has not responded to calls to mitigate the vulnerability, according to a report with ICS-CERT.
HCDownloader, Version 18.104.22.168 and prior suffer from the issue, discovered by Karn Ganeshen.
Successful exploitation of this vulnerability may allow arbitrary code execution.
No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. However, an attacker with low skill level could exploit the vulnerability.
An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
CVE-2017-9646 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.
The product sees action mainly in the energy sector.
Czech Republic-based Solar Controls has not responded to requests to coordinate with ICS-CERT, officials said.
In lieu of specific details from the company, ICS-CERT recommends users take defensive measures to minimize the risk of exploitation. Users should:
• Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
• Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
• When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.