CVE-2017-5176
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVESE, and 9328-CCWDEVPTE; and Connected Components Workbench - Free Standard Edition (All Supported Languages), v9.01.00 and earlier. Certain DLLs included with versions of CCW software can be potentially hijacked to allow an attacker to gain rights to a victim's affected personal computer. Such access rights can be at the same or potentially higher level of privileges as the compromised user account, including and up to computer administrator privileges.
Se detectó un problema de secuestro de DLL en Connected Components Workbench (CCW) de Rockwell Automation. Están afectadas las siguientes versiones: Connected Components Workbench - Developer Edition, versión v9.01.00 y anteriores a: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CC y Connected Components Workbench - Edición Estándar Gratuita (todos los idiomas compatibles), versión v9.01.00 y anteriores. Ciertos bibliotecas DLL incluidas con las versiones de software de CCW pueden ser secuestradas para permitir a un atacante alcanzar derechos sobre la computadora personal afectada de la víctima. Dichos derechos de acceso pueden estar en el mismo nivel de privilegios o potencialmente en un nivel más alto al de la cuenta de usuario comprometida, incluyendo los privilegios de administrador de computadora.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-01-03 CVE Reserved
- 2017-05-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/97000 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-047-01 | 2019-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwellautomation Search vendor "Rockwellautomation" | Connected Components Workbench Search vendor "Rockwellautomation" for product "Connected Components Workbench" | <= 9.01.00 Search vendor "Rockwellautomation" for product "Connected Components Workbench" and version " <= 9.01.00" | developer |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 9328-ccwdevdee Search vendor "Rockwellautomation" for product "9328-ccwdevdee" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Connected Components Workbench Search vendor "Rockwellautomation" for product "Connected Components Workbench" | <= 9.01.00 Search vendor "Rockwellautomation" for product "Connected Components Workbench" and version " <= 9.01.00" | developer |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 9328-ccwdevene Search vendor "Rockwellautomation" for product "9328-ccwdevene" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Connected Components Workbench Search vendor "Rockwellautomation" for product "Connected Components Workbench" | <= 9.01.00 Search vendor "Rockwellautomation" for product "Connected Components Workbench" and version " <= 9.01.00" | developer |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 9328-ccwdevese Search vendor "Rockwellautomation" for product "9328-ccwdevese" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Connected Components Workbench Search vendor "Rockwellautomation" for product "Connected Components Workbench" | <= 9.01.00 Search vendor "Rockwellautomation" for product "Connected Components Workbench" and version " <= 9.01.00" | developer |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 9328-ccwdevfre Search vendor "Rockwellautomation" for product "9328-ccwdevfre" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Connected Components Workbench Search vendor "Rockwellautomation" for product "Connected Components Workbench" | <= 9.01.00 Search vendor "Rockwellautomation" for product "Connected Components Workbench" and version " <= 9.01.00" | developer |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 9328-ccwdevite Search vendor "Rockwellautomation" for product "9328-ccwdevite" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Connected Components Workbench Search vendor "Rockwellautomation" for product "Connected Components Workbench" | <= 9.01.00 Search vendor "Rockwellautomation" for product "Connected Components Workbench" and version " <= 9.01.00" | developer |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 9328-ccwdevpte Search vendor "Rockwellautomation" for product "9328-ccwdevpte" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Connected Components Workbench Search vendor "Rockwellautomation" for product "Connected Components Workbench" | <= 9.01.00 Search vendor "Rockwellautomation" for product "Connected Components Workbench" and version " <= 9.01.00" | developer |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 9328-ccwdevzhe Search vendor "Rockwellautomation" for product "9328-ccwdevzhe" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Connected Components Workbench Search vendor "Rockwellautomation" for product "Connected Components Workbench" | <= 9.01.00 Search vendor "Rockwellautomation" for product "Connected Components Workbench" and version " <= 9.01.00" | free_standard |
Affected
| ||||||