SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-512691225] BLF-Tech LLC VisualView HMI

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-04-25HMIBLF-Tech LLCKarn Ganeshen discovered this vulnerability. N/ACVE-2017-6051 N/AN/AN/A

Source

						
							
								
#
# BLF-Tech LLC VisualView HMI
#


### VULNERABLE VENDOR
BLF-Tech LLC


### VULNERABLE PRODUCT
VisualView HMI



### RESEARCHER
Karn Ganeshen discovered this vulnerability.



### AFFECTED PRODUCTS

The following VisualView HMI versions are affected:

VisualView HMI Version 9.9.14.0 and prior.



### IMPACT

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the system.



### VULNERABILITY OVERVIEW

UNCONTROLLED SEARCH PATH ELEMENT CWE-427
The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
CVE-2017-6051 has been assigned to this vulnerability.
A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)





### BACKGROUND

Critical Infrastructure Sectors: Critical Manufacturing, Water and Wastewater Systems
Countries/Areas Deployed: United States
Company Headquarters Location: Las Vegas, Nevada




### MITIGATION

BLF-Tech LLC has released a new version of VisualView HMI to address the reported vulnerability. VisualView HMI Version 10.2.15.0 can be downloaded at:

http://www.hmisys.com/downloads/VisualViewTrialInstaller.exe