Sielco Sistemi created an update to its Winlog SCADA Software to mitigate an uncontrolled search path element vulnerability, according to a report from ICS-CERT.
No known public exploits specifically target this vulnerability, which was discovered by researcher Karn Ganeshen. The vulnerability is not remotely exploitable, and a high skill level is needed to exploit it.
The issue is an uncontrolled search path element (DLL hijacking) vulnerability. Exploitation could give an attacker access to the system with the same level of privilege as the application that loads the malicious DLL.
CVE-2017-5161 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.2.
The product is used in the communications, critical manufacturing, energy, and water and wastewater industries. It sees use on a global basis.
The following Sielco Sistemi products suffer from the issue:
• Winlog Lite SCADA Software, versions prior to Version 3.02.01
• Winlog Pro SCADA Software, versions prior to Version 3.02.01
Italy-based Sielco Sistemi released new versions of the Winlog Lite and Winlog Pro SCADA software that mitigate the uncontrolled search path element vulnerability.
The most current versions of Winlog Lite and Winlog Pro SCADA software are available from Sielco Sistemi.