Details of VAR-201706-0651

ID

VAR-201706-0651

CVE

CVE-2017-7966

TITLE

Schneider Electric SoMachine HVAC Arbitrary code execution vulnerability

Trust: 0.8

sources: IVD: d24e5bf7-8f13-41cd-9ff1-9b9f830fd317 // CNVD: CNVD-2017-10359

DESCRIPTION

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. SoMachine HVAC is a PLC programming software

Trust: 2.7

sources: NVD: CVE-2017-7966 // JVNDB: JVNDB-2017-004715 // CNVD: CNVD-2017-10359 // BID: 98446 // IVD: d24e5bf7-8f13-41cd-9ff1-9b9f830fd317 // VULHUB: VHN-116169

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: d24e5bf7-8f13-41cd-9ff1-9b9f830fd317 // CNVD: CNVD-2017-10359

AFFECTED PRODUCTS

vendor:	schneider electric	model:	somachine	scope:	eq	version:	2.1.0	Trust: 1.6
vendor:	schneider electric	model:	somachine	scope:	eq	version:	hvac 2.1.0	Trust: 0.8
vendor:	schneider	model:	electric somachine hvac	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	schneider electric	model:	somachine hvac	scope:	eq	version:	2.1	Trust: 0.3
vendor:	schneider electric	model:	somachine hvac	scope:	ne	version:	2.2	Trust: 0.3
vendor:	somachine	model:	-	scope:	eq	version:	2.1.0	Trust: 0.2

sources: IVD: d24e5bf7-8f13-41cd-9ff1-9b9f830fd317 // CNVD: CNVD-2017-10359 // BID: 98446 // JVNDB: JVNDB-2017-004715 // CNNVD: CNNVD-201704-902 // NVD: CVE-2017-7966

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7966
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-7966
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-10359
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-902
value:	HIGH
Trust: 0.6
IVD:	d24e5bf7-8f13-41cd-9ff1-9b9f830fd317
value:	HIGH
Trust: 0.2
VULHUB:	VHN-116169
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7966
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-10359
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	d24e5bf7-8f13-41cd-9ff1-9b9f830fd317
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-116169
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7966
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: d24e5bf7-8f13-41cd-9ff1-9b9f830fd317 // CNVD: CNVD-2017-10359 // VULHUB: VHN-116169 // JVNDB: JVNDB-2017-004715 // CNNVD: CNNVD-201704-902 // NVD: CVE-2017-7966

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-116169 // JVNDB: JVNDB-2017-004715 // NVD: CVE-2017-7966

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-902

TYPE

Code problem

Trust: 0.8

sources: IVD: d24e5bf7-8f13-41cd-9ff1-9b9f830fd317 // CNNVD: CNNVD-201704-902

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004715

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-116169

PATCH

title:	SEVD-2017-125-02	url:	http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02/	Trust: 0.8
title:	Schneider Electric SoMachine HVAC patch for arbitrary code execution vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/95695	Trust: 0.6
title:	Schneider Electric SoMachine HVAC Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99739	Trust: 0.6

sources: CNVD: CNVD-2017-10359 // JVNDB: JVNDB-2017-004715 // CNNVD: CNNVD-201704-902

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7966	Trust: 3.6
db:	BID	id:	98446	Trust: 2.6
db:	SCHNEIDER	id:	SEVD-2017-125-02	Trust: 2.0
db:	CNNVD	id:	CNNVD-201704-902	Trust: 0.9
db:	CNVD	id:	CNVD-2017-10359	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-004715	Trust: 0.8
db:	ICS CERT	id:	ICSA-17-136-02	Trust: 0.3
db:	IVD	id:	D24E5BF7-8F13-41CD-9FF1-9B9F830FD317	Trust: 0.2
db:	VULHUB	id:	VHN-116169	Trust: 0.1

sources: IVD: d24e5bf7-8f13-41cd-9ff1-9b9f830fd317 // CNVD: CNVD-2017-10359 // VULHUB: VHN-116169 // BID: 98446 // JVNDB: JVNDB-2017-004715 // CNNVD: CNNVD-201704-902 // NVD: CVE-2017-7966

REFERENCES

url:	http://www.securityfocus.com/bid/98446	Trust: 2.3
url:	http://www.schneider-electric.com/en/download/document/sevd-2017-125-02/	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7966	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7966	Trust: 0.8
url:	http://blog.rapid7.com/?p=5325	Trust: 0.3
url:	http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html	Trust: 0.3
url:	http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx	Trust: 0.3
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-136-02	Trust: 0.3

sources: CNVD: CNVD-2017-10359 // VULHUB: VHN-116169 // BID: 98446 // JVNDB: JVNDB-2017-004715 // CNNVD: CNNVD-201704-902 // NVD: CVE-2017-7966

CREDITS

Himanshu Mehta

Trust: 0.3

sources: BID: 98446

SOURCES

db:	IVD	id:	d24e5bf7-8f13-41cd-9ff1-9b9f830fd317
db:	CNVD	id:	CNVD-2017-10359
db:	VULHUB	id:	VHN-116169
db:	BID	id:	98446
db:	JVNDB	id:	JVNDB-2017-004715
db:	CNNVD	id:	CNNVD-201704-902
db:	NVD	id:	CVE-2017-7966

LAST UPDATE DATE

2024-11-23T22:34:37.060000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-10359	date:	2017-06-20T00:00:00
db:	VULHUB	id:	VHN-116169	date:	2019-10-03T00:00:00
db:	BID	id:	98446	date:	2017-05-23T16:26:00
db:	JVNDB	id:	JVNDB-2017-004715	date:	2017-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201704-902	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-7966	date:	2024-11-21T03:33:03.770

SOURCES RELEASE DATE

db:	IVD	id:	d24e5bf7-8f13-41cd-9ff1-9b9f830fd317	date:	2017-06-20T00:00:00
db:	CNVD	id:	CNVD-2017-10359	date:	2017-06-20T00:00:00
db:	VULHUB	id:	VHN-116169	date:	2017-06-07T00:00:00
db:	BID	id:	98446	date:	2017-05-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-004715	date:	2017-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201704-902	date:	2017-04-20T00:00:00
db:	NVD	id:	CVE-2017-7966	date:	2017-06-07T19:29:00.227