SpiderControl Mitigates MicroBrowser Hole

Thursday, October 19, 2017 @ 04:10 PM gHale


SpiderControl released a software update to mitigate an uncontrolled search path element in its MicroBrowser, according to report with ICS-CERT.

A touch panel operating system, MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior suffer from the remotely exploitable vulnerability, discovered by Karn Ganeshen.

RELATED STORIES
Boston Scientific Mitigates Vulnerabilities
Holes in Progea Movicon SCADA/HMI
NXP Fixing Multiple Vulnerabilities
Envitech Patches EnviDAS Ultimate

Exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.

CVE-2017-14010 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

The product sees use mainly in the critical manufacturing sector. It also sees action in Europe.

Switzerland-based SpiderControl has provided software update Version 1.6.30.148 for MicroBrowser, which fixes this vulnerability. SpiderControl recommends users update to the new version.



Leave a Reply

You must be logged in to post a comment.