{"api_version":"1","generated_at":"2026-06-05T07:25:07+00:00","cve":"CVE-2017-5147","urls":{"html":"https://cve.report/CVE-2017-5147","api":"https://cve.report/api/cve/CVE-2017-5147.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-5147","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-5147"},"summary":{"title":"CVE-2017-5147","description":"An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2017-09-09 01:29:00","updated_at":"2019-10-09 23:28:00"},"problem_types":["CWE-427"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/100522","name":"100522","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"AzeoTech DAQFactory ICSA-17-241-01 Multiple Local Security Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01","name":"https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"AzeoTech DAQFactory | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-5147","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5147","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"5147","vulnerable":"1","versionEndIncluding":"16.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"azeotech","cpe5":"daqfactory","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2017-5147","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"AzeoTech DAQFactory","version":{"version_data":[{"version_value":"AzeoTech DAQFactory"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-427"}]}]},"references":{"reference_data":[{"name":"100522","refsource":"BID","url":"http://www.securityfocus.com/bid/100522"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01"}]}},"nvd":{"publishedDate":"2017-09-09 01:29:00","lastModifiedDate":"2019-10-09 23:28:00","problem_types":["CWE-427"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*","versionEndIncluding":"16.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"5147","Ordinal":"101647","Title":"CVE-2017-5147","CVE":"CVE-2017-5147","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"5147","Ordinal":"1","NoteData":"An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"5147","Ordinal":"2","NoteData":"2017-09-08","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"5147","Ordinal":"3","NoteData":"2017-09-09","Type":"Other","Title":"Modified"}]}}}