CVE-2017-9661

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/100263", "name": "100263", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-427"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-9661", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}}, "publishedDate": "2017-08-14T16:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:simplight:scada:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.3.0.27"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-23T19:13Z"}