Posts Tagged ‘CWE-427’
-
(CVE-2017-14029) VTScada HMI and SCADA Software Vulnerability
Background: On the 05th August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in Trihedral Engineering Limited’s VTScada HMI and SCADA software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]
-
(CVE-2017-13993) i-SENS Inc. SmartLog Diabetes Management Software Vulnerability
Background: On the 03rd August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in i-SENS Inc. SmartLog Diabetes Management Software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and execute arbitrary […]