Vulnerability CVE-2017-14019
Published: 2017-10-19   Modified: 2017-10-20

Description:
An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Progea Movicon 11.5.1181 Search Path Issues
Karn Ganeshen
01.11.2017

Type:

CWE-428

 (Unquoted Search Path or Element)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Progea -> Movicon 

 References:
http://www.securityfocus.com/bid/101483
https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01
Copyright 2024, cxsecurity.com

 

Back to Top