PT-2017-13205 · Automationdirect · Directsoft Programming+6

Published: 2017-11-13 · Updated: 2018-08-01 · CVE-2017-14020

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AutomationDirect CLICK Programming Software versions 2.10 and prior
C-More Programming Software versions 6.30 and prior
C-More Micro versions 4.20.01.0 and prior
Do-more Designer Software versions 2.0.3 and prior
GS Drives Configuration Software versions 4.0.6 and prior
SL-SOFT SOLO Temperature Controller Configuration Software versions 1.1.0.5 and prior
DirectSOFT Programming Software versions 6.1 and prior

Description

An uncontrolled search path element vulnerability, also known as DLL Hijacking, has been identified. An attacker can exploit it by renaming a malicious DLL to match the application's requirements. Because the application fails to verify the authenticity of the DLL, it could then load the DLL and execute malicious code at the privilege level of the application.

Recommendations

For AutomationDirect CLICK Programming Software versions 2.10 and prior, update to a version later than 2.10 to resolve the issue.
For C-More Programming Software versions 6.30 and prior, update to a version later than 6.30 to resolve the issue.
For C-More Micro versions 4.20.01.0 and prior, update to a version later than 4.20.01.0 to resolve the issue.
For Do-more Designer Software versions 2.0.3 and prior, update to a version later than 2.0.3 to resolve the issue.
For GS Drives Configuration Software versions 4.0.6 and prior, update to a version later than 4.0.6 to resolve the issue.
For SL-SOFT SOLO Temperature Controller Configuration Software versions 1.1.0.5 and prior, update to a version later than 1.1.0.5 to resolve the issue.
For DirectSOFT Programming Software versions 6.1 and prior, update to a version later than 6.1 to resolve the issue.

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2017-14020

Affected Products

Automationdirect Click Programming
C-More Micro
C-More Programming
Directsoft Programming
Do-More Designer
Gs Drives Configuration
Sl-Soft Solo Temperature Controller Configuration