Solar Controls’ WATTConfig M Software is suffering from an uncontrolled search path element vulnerability and the company has failed to mitigate the issue, according to a report with ICS-CERT.
WATTConfig M Software, Version 22.214.171.124 and prior suffer from the issue, discovered by Karn Ganeshen. The software is for Windows 2.5.10 for M SSR/MAX PLCs.
Successful exploitation of this vulnerability may allow arbitrary code execution.
No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. However, an attacker with low skill level could leverage the vulnerability.
An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
CVE-2017-9648 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.
The product sees use in the energy sector.
Czech Republic-based Solar Controls has not responded to requests to coordinate with NCCIC/ICS-CERT.
In lieu of specific mitigation from the company, ICS-CERT recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Users should:
• Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
• Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
• When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.