CVE-2017-9644

HIGH Year: 2017
CVSS v3 Score
7.0
High
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-428
View all →

Vulnerability Description

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.

Related Vulnerabilities

CVE-2020-28209

HIGH
CVSS:7.0(High)

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any ...

CWE-4282020

CVE-2019-16647

HIGH
CVSS:7.2(High)

Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.

CWE-4282019

CVE-2022-27905

HIGH
CVSS:7.2(High)

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.

CWE-4282022

CVE-2023-39464

HIGH
CVSS:7.2(High)

Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installatio...

CWE-4282023

CVE-2017-14019

MEDIUM
CVSS:6.7(Medium)

An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authoriz...

CWE-4282017

CVE-2017-5873

MEDIUM
CVSS:6.7(Medium)

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, a...

CWE-4282017