← back
CVE-2017-9644

CVE-2017-9644

EPSS 1.4%CWE-428
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
Affected products
n/a · Automated Logic Corporation WebCTRL, i-VU, SiteScan
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42542/unverifiedexploitdbwww.exploit-db.com/exploits/42542unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01https://www.exploit-db.com/exploits/42542/http://www.securityfocus.com/bid/100454