var-201705-3257
Vulnerability from variot
A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVESE, and 9328-CCWDEVPTE; and Connected Components Workbench - Free Standard Edition (All Supported Languages), v9.01.00 and earlier. Certain DLLs included with versions of CCW software can be potentially hijacked to allow an attacker to gain rights to a victim's affected personal computer. Such access rights can be at the same or potentially higher level of privileges as the compromised user account, including and up to computer administrator privileges. Rockwell Automation Connected Components Workbench Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Rockwell Automation Connected Components Workbench is an HMI editor and component-level industrial product for designing and configuring applications and implementing microcontrollers. A local attacker could exploit this vulnerability to execute arbitrary code in the context of a user running in an affected program. The software can be used for controller programming and device configuration, and is integrated with an HMI editor to further simplify stand-alone device programming
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3257",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "connected components workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "9.01.00"
},
{
"model": "connected components workbench software",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "developer edition 9.01.00"
},
{
"model": "connected components workbench software",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "free standard edition (all supported languages) 9.01.00"
},
{
"model": "automation connected components workbench",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=v9.01.00"
},
{
"model": "connected components workbench",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "9.01.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "connected components workbench",
"version": "*"
},
{
"model": "automation connected components workbench free standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "??9.1"
},
{
"model": "automation connected components workbench developer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "??9.1"
},
{
"model": "automation connected components workbench free standard edition",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "??10.01"
},
{
"model": "automation connected components workbench free standard edition",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "??10.00"
},
{
"model": "automation connected components workbench developer edition",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "??10.01"
},
{
"model": "automation connected components workbench developer edition",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "??10.00"
}
],
"sources": [
{
"db": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8"
},
{
"db": "CNVD",
"id": "CNVD-2017-04296"
},
{
"db": "BID",
"id": "97000"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004364"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-965"
},
{
"db": "NVD",
"id": "CVE-2017-5176"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:rockwellautomation:connected_components_workbench",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004364"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Sanchez",
"sources": [
{
"db": "BID",
"id": "97000"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5176",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CVE-2017-5176",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-04296",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "efb00b70-253b-4c60-8992-9defd0413fb8",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "VHN-113379",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2017-5176",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5176",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5176",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04296",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-965",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-113379",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8"
},
{
"db": "CNVD",
"id": "CNVD-2017-04296"
},
{
"db": "VULHUB",
"id": "VHN-113379"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004364"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-965"
},
{
"db": "NVD",
"id": "CVE-2017-5176"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVESE, and 9328-CCWDEVPTE; and Connected Components Workbench - Free Standard Edition (All Supported Languages), v9.01.00 and earlier. Certain DLLs included with versions of CCW software can be potentially hijacked to allow an attacker to gain rights to a victim\u0027s affected personal computer. Such access rights can be at the same or potentially higher level of privileges as the compromised user account, including and up to computer administrator privileges. Rockwell Automation Connected Components Workbench Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Rockwell Automation Connected Components Workbench is an HMI editor and component-level industrial product for designing and configuring applications and implementing microcontrollers. A local attacker could exploit this vulnerability to execute arbitrary code in the context of a user running in an affected program. The software can be used for controller programming and device configuration, and is integrated with an HMI editor to further simplify stand-alone device programming",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5176"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004364"
},
{
"db": "CNVD",
"id": "CNVD-2017-04296"
},
{
"db": "BID",
"id": "97000"
},
{
"db": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8"
},
{
"db": "VULHUB",
"id": "VHN-113379"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5176",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-047-01",
"trust": 3.4
},
{
"db": "BID",
"id": "97000",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201703-965",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-04296",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004364",
"trust": 0.8
},
{
"db": "IVD",
"id": "EFB00B70-253B-4C60-8992-9DEFD0413FB8",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-113379",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8"
},
{
"db": "CNVD",
"id": "CNVD-2017-04296"
},
{
"db": "VULHUB",
"id": "VHN-113379"
},
{
"db": "BID",
"id": "97000"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004364"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-965"
},
{
"db": "NVD",
"id": "CVE-2017-5176"
}
]
},
"id": "VAR-201705-3257",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8"
},
{
"db": "CNVD",
"id": "CNVD-2017-04296"
},
{
"db": "VULHUB",
"id": "VHN-113379"
}
],
"trust": 1.38214287
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8"
},
{
"db": "CNVD",
"id": "CNVD-2017-04296"
}
]
},
"last_update_date": "2024-11-23T22:38:34.793000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Connected Components Workbench Software",
"trust": 0.8,
"url": "http://www.rockwellautomation.com/global/support/connected-components/workbench.page"
},
{
"title": "Rockwell Automation Connected Components Workbench DLL loads patches for native code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91709"
},
{
"title": "Rockwell Automation Connected Components Workbench Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68694"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04296"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004364"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-965"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113379"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004364"
},
{
"db": "NVD",
"id": "CVE-2017-5176"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-047-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97000"
},
{
"trust": 1.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5176"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5176"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04296"
},
{
"db": "VULHUB",
"id": "VHN-113379"
},
{
"db": "BID",
"id": "97000"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004364"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-965"
},
{
"db": "NVD",
"id": "CVE-2017-5176"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8"
},
{
"db": "CNVD",
"id": "CNVD-2017-04296"
},
{
"db": "VULHUB",
"id": "VHN-113379"
},
{
"db": "BID",
"id": "97000"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004364"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-965"
},
{
"db": "NVD",
"id": "CVE-2017-5176"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-12T00:00:00",
"db": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8"
},
{
"date": "2017-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04296"
},
{
"date": "2017-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-113379"
},
{
"date": "2017-03-22T00:00:00",
"db": "BID",
"id": "97000"
},
{
"date": "2017-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004364"
},
{
"date": "2017-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-965"
},
{
"date": "2017-05-19T03:29:00.293000",
"db": "NVD",
"id": "CVE-2017-5176"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04296"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-113379"
},
{
"date": "2017-03-23T00:01:00",
"db": "BID",
"id": "97000"
},
{
"date": "2017-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004364"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-965"
},
{
"date": "2024-11-21T03:27:12.343000",
"db": "NVD",
"id": "CVE-2017-5176"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97000"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-965"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation Connected Components Workbench DLL Load Local Code Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8"
},
{
"db": "CNVD",
"id": "CNVD-2017-04296"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "efb00b70-253b-4c60-8992-9defd0413fb8"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-965"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…