How severe is CVE-2017-5170?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2017-5170?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2017-5170 - HIGH Severity | CVSS 7.2

Vulnerability Description

An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.

Related Vulnerabilities

CVE-2017-5161

HIGH

CVSS:7.2(High)

An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path e...

CWE-4272017

CVE-2022-23050

HIGH

CVSS:7.2(High)

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' func...

CWE-4272022

CVE-2022-2334

HIGH

CVSS:7.2(High)

The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure ...

CWE-4272022

CVE-2023-40352

HIGH

CVSS:7.2(High)

McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.

CWE-4272023

CVE-2024-2637

HIGH

CVSS:7.2(High)

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automat...

CWE-4272024

CVE-2015-1014

HIGH

CVSS:7.3(High)

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expe...

CWE-4272015