Podatność CVE-2023-6061


Publikacja: 2023-12-08   Modyfikacja: 2023-12-14

Opis:
Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:
* MMXFax.exe * winfax.dll




* MelSim2ComProc.exe
* Sim2ComProc.dll




* MMXCall_in.exe * libdxxmt.dll
* libsrlmt.dll






Typ:

CWE-427

(Uncontrolled Search Path Element)

Affected software
Iconics -> Iconics suite 

 Referencje:
https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21

Copyright 2024, cxsecurity.com

 

Back to Top