DLL Hijacking Hole with 7T

Monday, February 20, 2012 @ 05:02 PM gHale

There is an uncontrolled search path element vulnerability, or DLL Hijacking, in the 7-Technologies (7T) AQUIS and TERMIS software programs.

ICS-CERT coordinated these reports with 7T, and 7T has created a patch that resolves this vulnerability. Researcher Kuang-Chun Hung of the Security Research and Service Institute−Information and Communication Security Technology Center (ICST), who discovered the vulnerabilities, confirmed the patches resolve the vulnerabilities.

RELATED STORIES
Threat Alert Reaches New High
More SCADA, HMI Holes Found
Wonderware Patches Holes
No Dancing Around: Samba Shuts DoS Hole

The following products suffer from the vulnerabilities: AQUIS V1.5 dated October 13, 2011, and any previous release and the TERMIS V2.10 dated November 30, 2011, and any previous version. A successful exploit of this vulnerability could lead to arbitrary code execution.

7T, based in Denmark, creates monitoring and control systems used primarily used in the United States, Europe, Northern Africa, and Asia. 7T AQUIS software is a water network simulation platform for improving system design and operation. AQUIS may also see use in other parts of the world via a freely licensed version. 7T TERMIS software sees use in the district energy network management.

For the 7T AQUIS software, an attacker may place a malicious DLL in a directory where it could load before the valid DLL. An attacker must have access to the host file system to exploit this vulnerability. If exploited, this vulnerability may allow execution of arbitrary code. CVE-2012-0223 is the number assigned to this vulnerability. This vulnerability is exploitable remotely.

7T has developed a patch to address this vulnerability. Users may need to uninstall an earlier version of the application before installing this update.

Meanwhile, as far as the 7T TERMIS software goes, the issue is pretty much the same as an attacker may place a malicious DLL in a directory where it could load before the valid DLL. An attacker must have access to the host file system to exploit this vulnerability. If exploited, this vulnerability may allow execution of arbitrary code. CVE-2012-0224 is the number assigned to this remotely exploitable vulnerability.

7T has developed a patch to address this vulnerability. Users may need to uninstall an earlier version of the application before installing this update.



Leave a Reply

You must be logged in to post a comment.