CVE-2017-5161

low-risk
Published 2017-02-13

An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.

Do I need to act?

-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
LOCAL / HIGH complexity

Affected Products (2)

Winlog Lite
Winlog Pro

Affected Vendors

Sielcosistemi

References (4)

Third Party Advisory http://www.securityfocus.com/bid/96119
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01
Third Party Advisory http://www.securityfocus.com/bid/96119
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01
26
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low