CVE-2017-14020

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2017-14020
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2017-11-13 20:29:00 UTC
Updated2018-08-01 01:29:00 UTC
DescriptionIn AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.

Risk And Classification

Problem Types: CWE-427

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Hardware Automationdirect C-more Micro - All All All
Hardware Automationdirect C-more Micro - All All All
Operating System Automationdirect C-more Micro Firmware All All All All
Hardware Automationdirect C-more Plc - All All All
Hardware Automationdirect C-more Plc - All All All
Operating System Automationdirect C-more Plc Firmware All All All All
Hardware Automationdirect Click Plc - All All All
Hardware Automationdirect Click Plc - All All All
Operating System Automationdirect Click Plc Firmware All All All All
Hardware Automationdirect Gs Drives - All All All
Hardware Automationdirect Gs Drives - All All All
Operating System Automationdirect Gs Drives Fimware All All All All
Hardware Automationdirect Sl-soft Solo Temperature Controller - All All All
Hardware Automationdirect Sl-soft Solo Temperature Controller - All All All
Operating System Automationdirect Sl-soft Solo Temperature Controller Firmware All All All All

References

ReferenceSourceLinkTags
Multiple AutomationDirect Products CVE-2017-1402 DLL Loading Local Code Execution Vulnerability BID www.securityfocus.com Third Party Advisory, VDB Entry
ICS-CERT Advisories | ICS-CERT MISC ics-cert.us-cert.gov Issue Tracking, Mitigation, Third Party Advisory, US Government Resource
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report