CVE-2023-6061 - OpenCVE

Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Iconics	Iconics Suite

Configuration 1 [-]

cpe:2.3:a:iconics:iconics_suite:*:*:*:*:*:*:*:*

References

Link	Resource
https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2023-12-07T23:21:22.755Z

Updated: 2023-12-07T23:46:17.446Z

Reserved: 2023-11-09T18:55:45.555Z

Link: CVE-2023-6061

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-08T00:15:07.853

Modified: 2023-12-12T22:24:14.313

Link: CVE-2023-6061

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-6061", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2023-11-09T18:55:45.555Z", "datePublished": "2023-12-07T23:21:22.755Z", "dateUpdated": "2023-12-07T23:46:17.446Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "SCADA software Iconics Suite", "vendor": "ICONICS", "versions": [{"lessThan": "*", "status": "affected", "version": "10.97.2", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Asher Davila of Palo Alto Networks"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Malav Vyas of Palo Alto Networks"}], "datePublic": "2023-12-07T21:47:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:<br><ul><li><b><span style=\"background-color: transparent;\">MMXFax.exe</span></b><ul><li>winfax.dll<br></li></ul></li><li><b><b>MelSim2ComProc.exe</b></b></li><ul><li>Sim2ComProc.dll</li></ul></ul><ul><li><span style=\"background-color: transparent;\"><b><span style=\"background-color: transparent;\"><b><span style=\"background-color: transparent;\"><b><span style=\"background-color: transparent;\">MMXCall_in.exe</span></b></span></b></span></b><ul><li><span style=\"background-color: transparent;\"><span style=\"background-color: transparent;\">libdxxmt.dll</span></span></li><li><span style=\"background-color: transparent;\"><span style=\"background-color: transparent;\">libsrlmt.dll</span><br></span></li></ul></span></li></ul>"}], "value": "Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:\n * MMXFax.exe * winfax.dll\n\n\n\n\n * MelSim2ComProc.exe\n * Sim2ComProc.dll\n\n\n\n\n * MMXCall_in.exe * libdxxmt.dll\n * libsrlmt.dll\n\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-641", "descriptions": [{"lang": "en", "value": "CAPEC-641 DLL Side-Loading"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2023-12-07T23:46:17.446Z"}, "references": [{"url": "https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21"}], "source": {"discovery": "EXTERNAL"}, "title": "Phantom DLL Vulnerability in Iconics Suite", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iconics:iconics_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA4B9AA7-6305-4870-8299-1D00DF33DA0A", "versionEndExcluding": "10.97.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:\n * MMXFax.exe * winfax.dll\n\n\n\n\n * MelSim2ComProc.exe\n * Sim2ComProc.dll\n\n\n\n\n * MMXCall_in.exe * libdxxmt.dll\n * libsrlmt.dll\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Varios componentes de Iconics SCADA Suite son propensos a una vulnerabilidad de carga Phantom DLL. Este problema surge cuando las aplicaciones buscan y cargan librer\u00edas de v\u00ednculos din\u00e1micos de manera inadecuada, lo que potencialmente permite que un atacante ejecute c\u00f3digo malicioso a trav\u00e9s de una DLL con un nombre coincidente en una ruta de b\u00fasqueda accesible. Los componentes afectados son: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll"}], "id": "CVE-2023-6061", "lastModified": "2023-12-12T22:24:14.313", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.2, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2023-12-08T00:15:07.853", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}, {"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-426"}, {"lang": "en", "value": "CWE-427"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}