Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SCADA_TERMIS_2_10.NBIN
HistoryMar 23, 2012 - 12:00 a.m.

7-Technologies TERMIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution

2012-03-2300:00:00
This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

The installed version of 7-Technologies TERMIS on the remote Windows host is 2.10 dated November 30, 2011 or earlier. As such, it insecurely looks in its current working directory when resolving DLL dependencies.

Attackers may exploit this issue by placing a specially crafted DLL file and another file associated with the application in a location controlled by the attacker. When the associated file is launched, the attacker’s arbitrary code can be executed.

This issue is corrected in newer versions of TERMIS by setting the following registry key :

  • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\termis.exe\CWDIllegalInDllSearch
Binary data scada_termis_2_10.nbin
VendorProductVersionCPE
7ttermiscpe:/a:7t:termis
JSON