Schneider Electric Interactive Graphical SCADA System Software is prone to a remote code-execution vulnerability.
A remote attacker can leverage this issue to execute arbitrary code in the context of the affected system.
Schneider Electric Interactive Graphical SCADA System Software versions 12 and prior are vulnerable.
Information
Bugtraq ID: 97389
Class: Design Error
CVE: CVE-2017-6033
Remote: Yes
Local: No
Published: Apr 05 2017 12:00AM
Credit: Karn Ganeshen
Vulnerable: Schneider-Electric Interactive Graphical SCADA System Software 12
Not Vulnerable:
Exploit
Attackers must trick a user into opening a file on a remote WebDAV or SMB share to exploit this issue.
References:
- Schneider Electric HomePage (Schneider Electric)
- Advisory (ICSA-17-094-01) Schneider Electric Interactive Graphical SCADA System (cert.us)