CVE-2023-6061
Phantom DLL Vulnerability in Iconics Suite
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:
* MMXFax.exe * winfax.dll
* MelSim2ComProc.exe
* Sim2ComProc.dll
* MMXCall_in.exe * libdxxmt.dll
* libsrlmt.dll
Varios componentes de Iconics SCADA Suite son propensos a una vulnerabilidad de carga Phantom DLL. Este problema surge cuando las aplicaciones buscan y cargan librerías de vínculos dinámicos de manera inadecuada, lo que potencialmente permite que un atacante ejecute código malicioso a través de una DLL con un nombre coincidente en una ruta de búsqueda accesible. Los componentes afectados son: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-09 CVE Reserved
- 2023-12-07 CVE Published
- 2023-12-13 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-426: Untrusted Search Path
- CWE-427: Uncontrolled Search Path Element
CAPEC
- CAPEC-641: DLL Side-Loading
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21 | 2024-08-02 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Iconics Search vendor "Iconics" | Iconics Suite Search vendor "Iconics" for product "Iconics Suite" | < 10.97.2 Search vendor "Iconics" for product "Iconics Suite" and version " < 10.97.2" | - |
Affected
|