SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-285442445] SpiderControl MicroBrowser

Date: 2017-10-19
Type: Other
Platform: SpiderControl
Author: Karn Ganeshen reported this vulnerability to ICS-CERT.
EDB-ID: N/A
CVE-ID: CVE-2017-14010
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# SpiderControl MicroBrowser
#


### VULNERABLE VENDOR
SpiderControl


### VULNERABLE PRODUCT
MicroBrowser



### RESEARCHER
Karn Ganeshen reported this vulnerability to ICS-CERT.



### AFFECTED PRODUCTS

The following versions of SpiderControl MicroBrowser, a touch panel operating system, are affected:

MicroBrowser for Windows XP, Vista, 7, 8 and 10, Versions 1.6.30.144 and prior.



### IMPACT

Exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.



### VULNERABILITY OVERVIEW

UNCONTROLLED SEARCH PATH ELEMENT CWE-427
An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path.
If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.
CVE-2017-14010 has been assigned to this vulnerability.
A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).





### BACKGROUND

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Europe
Company Headquarters Location: Switzerland




### MITIGATION

SpiderControl has provided software update Version 1.6.30.148 for MicroBrowser, which fixes this vulnerability. SpiderControl recommends users update to the new version, which is available at the following location:

http://spidercontrol.net/download/downloadarea/?lang=en
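
A host-side check for the two points above, added here as an example and not part of the advisory or of SpiderControl's tooling: it compares the installed binary's file version with the fixed Version 1.6.30.148 and lists directories in the Windows DLL search order (application directory and PATH entries) where broad user groups can create files. The executable path is a placeholder, and the script assumes PowerShell 5.1 and that the binary's file-version resource tracks the product version.

```powershell
# Added example; not from the advisory or from SpiderControl.
# ASSUMPTION: $ExePath is a placeholder, set it to the installed MicroBrowser binary.
# ASSUMPTION: the binary's file-version resource tracks the product version.
param([string]$ExePath = 'C:\PLACEHOLDER\MicroBrowser.exe')

$Fixed = [version]'1.6.30.148'   # fixed release named in the advisory
# Well-known SIDs of broad, non-administrative principals (locale independent).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Rights that allow dropping a file: CreateFiles (0x2), GENERIC_WRITE, GENERIC_ALL.
$PlantMask   = 0x2 -bor 0x40000000 -bor 0x10000000
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Test-FixedVersion([string]$Path) {
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $v  = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    [pscustomobject]@{ Path = $Path; Installed = $v; Patched = ($v -ge $Fixed) }
}

function Get-PlantableDirectory([string[]]$Directory) {
    $dirs = $Directory | Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) }
    foreach ($dir in $dirs) {
        $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # ACL not readable with current rights
        foreach ($r in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
            $sid = $r.IdentityReference.Value
            # Skip inherit-only ACEs: they apply to children, not to this directory.
            if ($r.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and
                (([int]$r.PropagationFlags -band $InheritOnly) -eq 0) -and
                (([int]$r.FileSystemRights -band $PlantMask) -ne 0)) {
                [pscustomobject]@{ Directory = $dir; Principal = $BroadSids[$sid]; Rights = $r.FileSystemRights }
            }
        }
    }
}

if (Test-Path -LiteralPath $ExePath -PathType Leaf) {
    Test-FixedVersion $ExePath | Format-List
    # The application directory and PATH entries are both in the Windows DLL search order.
    $search = @(Split-Path -Parent $ExePath) + ($env:PATH -split ';') | Select-Object -Unique
    Get-PlantableDirectory $search | Format-Table -AutoSize
} else {
    Write-Warning "MicroBrowser binary not found at $ExePath; set -ExePath first."
}
```

A host that reports `Patched : False` needs the vendor update; any directory listed in the table should have its write permission for that group removed or be taken off PATH.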