PT-2017-13187 · I Sens · I-Sens Smartlog Diabetes Management

Published

2017-10-04

Updated

2019-10-09

CVE-2017-13993

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions i-SENS SmartLog Diabetes Management Software versions 2.4.0 and prior

Description An Uncontrolled Search Path or Element issue was discovered, which could be exploited by placing a specially crafted DLL file in the search path, allowing an attacker to execute arbitrary code on the system if the malicious DLL is loaded prior to the valid DLL.

Recommendations For i-SENS SmartLog Diabetes Management Software versions 2.4.0 and prior, consider restricting access to the search path to prevent malicious DLL files from being loaded, until a patch or fix is available.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428CWE-427

Related Identifiers

CVE-2017-13993

Affected Products

I-Sens Smartlog Diabetes Management

PT-2017-13187 · I Sens · I-Sens Smartlog Diabetes Management

CVE-2017-13993

Weakness Enumeration

Related Identifiers

Affected Products

References · 4