What is CVE-2017-14029?

CVE-2017-14029 is a high-severity vulnerability in Trihedral Vtscada, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2017-11-06.

How severe is CVE-2017-14029?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Trihedral Vtscada

CVE-2017-14029

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.

EPSS: 0.001 (34.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Trihedral Vtscada
N/a Trihedral Engineering Limited Vtscada — versions Trihedral Engineering Limited VTScada

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC, Mitigation, Issue Tracking)

Frequently asked questions

What is CVE-2017-14029?: CVE-2017-14029 is a high-severity vulnerability in Trihedral Vtscada, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2017-11-06.
How severe is CVE-2017-14029?: High severity. CVSS v3 base score is 7.8 out of 10.