SAP Plant Connectivity CVE-2017-16690 DLL Loading Remote Code Execution Vulnerability

SAP Plant Connectivity is prone to a remote code-execution vulnerability.

A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application.

SAP Plant Connectivity versions 2.3, and 15.0 are vulnerable.


Bugtraq ID: 102145
Class: Design Error
CVE: CVE-2017-16690

Remote: Yes
Local: No
Published: Dec 12 2017 12:00AM
Updated: Dec 12 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: SAP Plant Connectivity 2.3
SAP Plant Connectivity 15.0

Not Vulnerable:


Attackers must trick a user into opening a file on a remote WebDAV or SMB share to exploit this issue.

A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.

Related Posts