Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:
* MMXFax.exe * winfax.dll
* MelSim2ComProc.exe
* Sim2ComProc.dll
* MMXCall_in.exe * libdxxmt.dll
* libsrlmt.dll
References
Link | Resource |
---|---|
https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21 | Exploit Third Party Advisory |
Configurations
History
12 Dec 2023, 22:24
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-426 CWE-427 |
|
References | () https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:iconics:iconics_suite:*:*:*:*:*:*:*:* |
08 Dec 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-08 00:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-6061
Mitre link : CVE-2023-6061
CVE.ORG link : CVE-2023-6061
JSON object : View
Products Affected
iconics
- iconics_suite