PT-2017-14526 · SAP · SAP Plant Connectivity

Published 2017-12-12 · Updated 2017-12-29 · CVE-2017-16690

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SAP Plant Connectivity versions 2.3 and 15.0

Description

A malicious DLL preload attack is possible due to the way system DLLs are loaded by the NwSapSetup and Installation self-extracting program. Specifically, the program loads system DLLs like DWMAPI.dll from the folder the executable is in, rather than from the system location. A malicious DLL with the same name as a system DLL, placed in that folder, is therefore loaded in place of the real one, potentially executing arbitrary code.

Recommendations

For SAP Plant Connectivity version 2.3, ensure that system DLLs are only loaded from the system folders to prevent malicious DLL preload attacks. For SAP Plant Connectivity version 15.0, consider restricting access to the NwSapSetup.exe executable until a fix is available, and ensure that system DLLs are only loaded from the system folders.
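A pre-run check for the condition described above, as an added example that is not part of the original advisory or SAP's code: it lists DLLs sitting beside an installer that share a name with a DLL in the system folder. The function names, directory layout and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path


def dll_names(folder):
    """Map lower-cased DLL file name -> actual file name for one folder."""
    return {p.name.lower(): p.name for p in Path(folder).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}


def shadowing_dlls(exe_dir, system_dir):
    """DLLs in exe_dir whose name matches a DLL in system_dir.

    Windows file names are case-insensitive, so DWMAPI.dll beside the
    installer shadows dwmapi.dll in the system folder.
    """
    local, system = dll_names(exe_dir), dll_names(system_dir)
    return sorted(local[name] for name in local.keys() & system.keys())


def demo():
    """Run the check against a constructed directory layout (not real data)."""
    with tempfile.TemporaryDirectory() as root:
        system = Path(root, "System32")
        downloads = Path(root, "Downloads")
        system.mkdir()
        downloads.mkdir()
        for name in ("dwmapi.dll", "kernel32.dll"):
            (system / name).write_bytes(b"")
        for name in ("NwSapSetup.exe", "DWMAPI.dll", "vendor_helper.dll"):
            (downloads / name).write_bytes(b"")
        return shadowing_dlls(downloads, system)


if __name__ == "__main__":
    for hit in demo():
        print("review before running the installer:", hit)
```

On a real host, pass the folder that holds the installer and the system folder (typically `%SystemRoot%\System32`) to `shadowing_dlls`; any hit should be reviewed before the installer is run from that folder.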

Weakness Enumeration

Untrusted Search Path

Related Identifiers

CVE-2017-16690

Affected Products

SAP Plant Connectivity