Cimon Fixes DLL Hijacking Vulnerability

Wednesday, March 11, 2015 @ 02:03 PM gHale


CIMON, Inc. created a patch that mitigates a DLL Hijacking vulnerability in its CmnView.exe application, according to a report on ICS-CERT.

This vulnerability, discovered by Ivan Sanchez of Wise Security, can be exploited remotely through social engineering, and exploitation requires local user input.


The following CIMON CmnView.exe application versions suffer from the issue:
• CmnView Version 2.14.0.1
• CmnView Version 3.x

This DLL Hijacking vulnerability requires someone with local access to play a part in the exploitation. The vulnerability allows a malicious user to gain access to the victim machine with the same privileges as the application or DLL exploited.

CIMON, Inc. is a South Korea-based company that maintains offices in South Korea and the United States.

The affected application, CmnView, is a web-based SCADA application. According to CIMON, Inc., CmnView sees use across several sectors including critical manufacturing, energy, water and wastewater systems. CIMON, Inc. estimates these products primarily see use in Asia.

The CmnView application calls DLLs without specifying an absolute path; this causes Windows to search a series of directories for the DLL, which allows a potentially malicious DLL to load.
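The sketch below is an added example, not code from ICS-CERT or CIMON: it models the standard Windows desktop DLL search order so a defender can see which copy of an unqualified DLL name would load and whether that directory is trusted. The application directory, document directory and `helper.dll` are hypothetical, and the model is simplified (KnownDLLs, already-loaded modules and redirection are left out).

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample values; the application directory and "helper.dll" are hypothetical.
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]
APP_DIR = r"C:\Program Files\ExampleApp"
DOC_DIR = r"C:\Users\operator\Downloads\project"  # where the opened file lives

def search_order(app_dir, cwd, path_dirs, safe_mode=True):
    """Directories searched, in order, for a DLL name given without a path.
    Simplified: KnownDLLs, already-loaded modules and redirection are not modelled."""
    if safe_mode:  # SafeDllSearchMode on: current directory follows the system dirs
        return [app_dir, *SYSTEM_DIRS, cwd, *path_dirs]
    return [app_dir, cwd, *SYSTEM_DIRS, *path_dirs]

def resolve(dll, app_dir, cwd, path_dirs, existing, safe_mode=True):
    """Return the path that would load, or None. `existing` is a set of
    lower-cased file paths standing in for the disk contents."""
    if ntpath.isabs(dll):  # absolute path: only that file is considered
        return dll if dll.lower() in existing else None
    for directory in search_order(app_dir, cwd, path_dirs, safe_mode):
        candidate = ntpath.join(directory, dll)
        if candidate.lower() in existing:
            return candidate
    return None

def audit(dll, app_dir, cwd, path_dirs, existing, trusted_dirs):
    """Report whether the winning copy sits in a directory the admin trusts."""
    hit = resolve(dll, app_dir, cwd, path_dirs, existing)
    if hit is None:
        return "not found"
    trusted = {d.lower() for d in trusted_dirs}
    label = "ok" if ntpath.dirname(hit).lower() in trusted else "UNTRUSTED"
    return f"{label}: {hit}"

if __name__ == "__main__":
    disk = {ntpath.join(DOC_DIR, "helper.dll").lower()}  # only copy is beside the document
    trusted = [APP_DIR, *SYSTEM_DIRS]
    print(audit("helper.dll", APP_DIR, DOC_DIR, [], disk, trusted))
    print(audit(ntpath.join(APP_DIR, "helper.dll"), APP_DIR, DOC_DIR, [], disk, trusted))
```

With the bare name, the copy beside the opened document is the one that resolves and is flagged; with the absolute path, that copy is never considered.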

CVE-2014-9207 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 9.3.

This vulnerability can be exploited remotely through social engineering, and exploitation requires local user input. The exploit only triggers when a local user runs the vulnerable application and loads the malformed file.

General exploits are publicly available that utilize this attack vector. However, ICS-CERT said it is not aware of any specific exploits that target the CmnView application.

Crafting a working exploit for this vulnerability would take some effort. Social engineering and local user interaction are required for the malformed file to exploit the victim machine running the vulnerable application.

CIMON, Inc. produced a patch that mitigates the DLL vulnerability. The updated UltimateAccess Version 3.02 corrects the vulnerability of the CmnView application and is available free of charge to users who log in to the CIMON, Inc. web site.


