|CVSS SCORE||6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)|
VisiLogic OPLC IDE
The specific flaw exists within implementation of the WinSockPath property of the HTTPS ActiveX control. The control passes this property as the URL for a DLL to the LoadLibraryA API, which will automatically execute DllMain in the DLL. This can be leveraged by an attacker for remote code execution in the context of the process.
Unitronics has issued an update to correct this vulnerability. More details can be found at:
https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02 Unitronics has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Andrea Micalizzi (rgod)