cvelistv5 - CVE-2017-6051

CVE-2017-6051 (GCVE-0-2017-6051)

Vulnerability from cvelistv5

Published

2017-05-08 17:00

Modified

2024-08-05 15:18

Severity ?

CWE

CWE-427

Summary

References

URL

	Vendor	Product	Version
	n/a	BLF-Tech LLC VisualView HMI	Version: BLF-Tech LLC VisualView HMI

ICSA-17-115-01

Vulnerability from csaf_cisa

Published

2017-04-25 00:00

Modified

2017-04-25 00:00

Summary

BLF-Tech LLC VisualView HMI

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Low skill level to exploit

Critical infrastructure sectors

Critical Manufacturing, Water and Wastewater Systems

Countries/areas deployed

United States

Company headquarters location

Las Vegas, Nevada

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Karn Ganeshen"
        ],
        "summary": "discovering this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Low skill level to exploit",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Las Vegas, Nevada",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-115-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-115-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-115-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-115-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-115-01"
      }
    ],
    "title": "BLF-Tech LLC VisualView HMI",
    "tracking": {
      "current_release_date": "2017-04-25T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-115-01",
      "initial_release_date": "2017-04-25T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-04-25T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-115-01 BLF-Tech LLC VisualView HMI"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 9.9.14.0",
                "product": {
                  "name": "VisualView HMI: Version 9.9.14.0 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "VisualView HMI"
          }
        ],
        "category": "vendor",
        "name": "BLF-Tech LLC"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6051",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.CVE-2017-6051 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6051"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "BLF-Tech LLC has released a new version of VisualView HMI to address the reported vulnerability. VisualView HMI Version 10.2.15.0 can be downloaded at:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.hmisys.com/downloads/VisualViewTrialInstaller.exe"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

icsa-17-115-01

Vulnerability from csaf_cisa

Published

2017-04-25 00:00

Modified

2017-04-25 00:00

Summary

BLF-Tech LLC VisualView HMI

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

ATTENTION: Low skill level to exploit

Critical infrastructure sectors

Critical Manufacturing, Water and Wastewater Systems

Countries/areas deployed

United States

Company headquarters location

Las Vegas, Nevada

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Karn Ganeshen"
        ],
        "summary": "discovering this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Low skill level to exploit",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Las Vegas, Nevada",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-115-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-115-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-115-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-115-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-115-01"
      }
    ],
    "title": "BLF-Tech LLC VisualView HMI",
    "tracking": {
      "current_release_date": "2017-04-25T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-115-01",
      "initial_release_date": "2017-04-25T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-04-25T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-115-01 BLF-Tech LLC VisualView HMI"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 9.9.14.0",
                "product": {
                  "name": "VisualView HMI: Version 9.9.14.0 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "VisualView HMI"
          }
        ],
        "category": "vendor",
        "name": "BLF-Tech LLC"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6051",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.CVE-2017-6051 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6051"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "BLF-Tech LLC has released a new version of VisualView HMI to address the reported vulnerability. VisualView HMI Version 10.2.15.0 can be downloaded at:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.hmisys.com/downloads/VisualViewTrialInstaller.exe"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

var-201705-3543

Vulnerability from variot

An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. BLF-Tech LLC VisualView HMI Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BLF-Tech LLC VisualView HMI is a human-machine interface interactive program from BLF-Tech LLC. BLF-Tech LLC VisualView HMI has a security vulnerability that allows local attackers to exploit arbitrary requests, execute arbitrary code, and increase privileges. VisualView HMI 9.9.14.0 and prior versions are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3543",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "visualview hmi",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "blftech",
        "version": "9.9.14.0"
      },
      {
        "model": "visualview hmi",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "blf tech",
        "version": "9.9.14.0"
      },
      {
        "model": "llc visualview hmi",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "blf tech",
        "version": "\u003c=9.9.14.0"
      },
      {
        "model": "visualview hmi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "blftech",
        "version": "9.9.14.0"
      },
      {
        "model": "llc visualview hmi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blf tech",
        "version": "9.9.14.0"
      },
      {
        "model": "llc visualview hmi",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blf tech",
        "version": "10.2.15.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "visualview hmi",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "860a990a-68f3-49ee-a184-de930173ccb7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      },
      {
        "db": "BID",
        "id": "98031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6051"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:blftech:visualview_hmi",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003969"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen",
    "sources": [
      {
        "db": "BID",
        "id": "98031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6051",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2017-6051",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2017-06901",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "860a990a-68f3-49ee-a184-de930173ccb7",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2017-6051",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6051",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6051",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-06901",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-1503",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "860a990a-68f3-49ee-a184-de930173ccb7",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "860a990a-68f3-49ee-a184-de930173ccb7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6051"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. BLF-Tech LLC VisualView HMI Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BLF-Tech LLC VisualView HMI is a human-machine interface interactive program from BLF-Tech LLC. BLF-Tech LLC VisualView HMI has a security vulnerability that allows local attackers to exploit arbitrary requests, execute arbitrary code, and increase privileges. \nVisualView HMI 9.9.14.0 and prior versions are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003969"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      },
      {
        "db": "BID",
        "id": "98031"
      },
      {
        "db": "IVD",
        "id": "860a990a-68f3-49ee-a184-de930173ccb7"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6051",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-115-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "98031",
        "trust": 2.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1503",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003969",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "860A990A-68F3-49EE-A184-DE930173CCB7",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "860a990a-68f3-49ee-a184-de930173ccb7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      },
      {
        "db": "BID",
        "id": "98031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6051"
      }
    ]
  },
  "id": "VAR-201705-3543",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "860a990a-68f3-49ee-a184-de930173ccb7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      }
    ],
    "trust": 1.55
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "860a990a-68f3-49ee-a184-de930173ccb7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:05:26.731000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "BLF-Tech LLC Patch for VisualView HMI Native Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/93906"
      },
      {
        "title": "BLF-Tech LLC VisualView HMI Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69696"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-427",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003969"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6051"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-115-01"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/98031"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6051"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6051"
      },
      {
        "trust": 0.3,
        "url": "http://www.hmisys.com/downloads/visualviewtrialinstaller.exe (link is external)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      },
      {
        "db": "BID",
        "id": "98031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6051"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "860a990a-68f3-49ee-a184-de930173ccb7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      },
      {
        "db": "BID",
        "id": "98031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6051"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-18T00:00:00",
        "db": "IVD",
        "id": "860a990a-68f3-49ee-a184-de930173ccb7"
      },
      {
        "date": "2017-05-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      },
      {
        "date": "2017-04-25T00:00:00",
        "db": "BID",
        "id": "98031"
      },
      {
        "date": "2017-06-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003969"
      },
      {
        "date": "2017-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      },
      {
        "date": "2017-05-08T17:29:00.157000",
        "db": "NVD",
        "id": "CVE-2017-6051"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      },
      {
        "date": "2017-05-02T04:09:00",
        "db": "BID",
        "id": "98031"
      },
      {
        "date": "2017-06-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003969"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      },
      {
        "date": "2024-11-21T03:28:59.577000",
        "db": "NVD",
        "id": "CVE-2017-6051"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "98031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BLF-Tech LLC VisualView HMI Native code execution vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "860a990a-68f3-49ee-a184-de930173ccb7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06901"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code problem",
    "sources": [
      {
        "db": "IVD",
        "id": "860a990a-68f3-49ee-a184-de930173ccb7"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1503"
      }
    ],
    "trust": 0.8
  }
}

ghsa-w4rw-g4m2-64c5

Vulnerability from github

Published

2022-05-13 01:36

Modified

2022-05-13 01:36

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-08T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.",
  "id": "GHSA-w4rw-g4m2-64c5",
  "modified": "2022-05-13T01:36:33Z",
  "published": "2022-05-13T01:36:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6051"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98031"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2017-06901

Vulnerability from cnvd

Title

BLF-Tech LLC VisualView HMI本地代码执行漏洞

Description

BLF-Tech LLC VisualView HMI是BLF-Tech LLC公司的一款人机界面交互程序。 BLF-Tech LLC VisualView HMI存在安全漏洞，允许本地攻击者利用漏洞特殊的请求，执行任意代码，提升权限。

Severity

高

Patch Name

BLF-Tech LLC VisualView HMI本地代码执行漏洞的补丁

Patch Description

BLF-Tech LLC VisualView HMI是BLF-Tech LLC公司的一款人机界面交互程序。 BLF-Tech LLC VisualView HMI存在安全漏洞，允许本地攻击者利用漏洞特殊的请求，执行任意代码，提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.blftech.com/

Reference

http://www.securityfocus.com/bid/98031 https://nvd.nist.gov/vuln/detail/CVE-2017-6051 https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01

Impacted products

Name
BLF-Tech LLC VisualView HMI <=9.9.14.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98031"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6051"
    }
  },
  "description": "BLF-Tech LLC VisualView HMI\u662fBLF-Tech LLC\u516c\u53f8\u7684\u4e00\u6b3e\u4eba\u673a\u754c\u9762\u4ea4\u4e92\u7a0b\u5e8f\u3002\r\n\r\nBLF-Tech LLC VisualView HMI\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "Karn Ganeshen",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.blftech.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06901",
  "openTime": "2017-05-18",
  "patchDescription": "BLF-Tech LLC VisualView HMI\u662fBLF-Tech LLC\u516c\u53f8\u7684\u4e00\u6b3e\u4eba\u673a\u754c\u9762\u4ea4\u4e92\u7a0b\u5e8f\u3002\r\n\r\nBLF-Tech LLC VisualView HMI\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "BLF-Tech LLC VisualView HMI\u672c\u5730\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "BLF-Tech LLC VisualView HMI \u003c=9.9.14.0"
  },
  "referenceLink": "http://www.securityfocus.com/bid/98031\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6051\r\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-115-01",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-27",
  "title": "BLF-Tech LLC VisualView HMI\u672c\u5730\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

gsd-2017-6051

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-6051

Aliases

CVE-2017-6051

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6051",
    "description": "An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.",
    "id": "GSD-2017-6051"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6051"
      ],
      "details": "An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.",
      "id": "GSD-2017-6051",
      "modified": "2023-12-13T01:21:09.550872Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-6051",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BLF-Tech LLC VisualView HMI",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "BLF-Tech LLC VisualView HMI"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-427"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01"
          },
          {
            "name": "98031",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98031"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:blftech:visualview_hmi:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.9.14.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6051"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01"
            },
            {
              "name": "98031",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98031"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:28Z",
      "publishedDate": "2017-05-08T17:29Z"
    }
  }
}

fkie_cve-2017-6051

Vulnerability from fkie_nvd

Published

2017-05-08 17:29

Modified

2025-04-20 01:37

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/98031	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98031	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	blftech	visualview_hmi	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:blftech:visualview_hmi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5BF7806-1756-44BF-8A4A-D3EA97017679",
              "versionEndIncluding": "9.9.14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code."
    },
    {
      "lang": "es",
      "value": "Un problema de Elemento de Ruta (path) de B\u00fasqueda no Controlada se detect\u00f3 en VisualView HMI versi\u00f3n 9.9.14.0 y anteriores de BLF-Tech LLC. Se ha identificado la vulnerabilidad de elemento de ruta (path) de b\u00fasqueda no controlada, lo que puede permitir a un atacante ejecutar un archivo DLL malicioso dentro de la ruta de (path) b\u00fasqueda, resultando en una ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2017-6051",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-08T17:29:00.157",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98031"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-6051 (GCVE-0-2017-6051)

Vulnerability from cvelistv5

ICSA-17-115-01

Vulnerability from csaf_cisa

icsa-17-115-01

Vulnerability from csaf_cisa

var-201705-3543

Vulnerability from variot

ghsa-w4rw-g4m2-64c5

Vulnerability from github

cnvd-2017-06901

Vulnerability from cnvd

gsd-2017-6051

Vulnerability from gsd

fkie_cve-2017-6051

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature