CVE-2017-12730
First published: Fri Oct 06 2017(Updated: )
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| mySCADA myPRO Manager | <=7.0.26 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12730?
CVE-2017-12730 has a high severity due to the potential for arbitrary code execution with elevated privileges.
How do I fix CVE-2017-12730?
To fix CVE-2017-12730, ensure that all paths in the application services are properly quoted to prevent unquoted search path vulnerabilities.
What versions of mySCADA myPRO are affected by CVE-2017-12730?
CVE-2017-12730 affects mySCADA myPRO versions 7.0.26 and prior.
What type of vulnerability is CVE-2017-12730?
CVE-2017-12730 is an unquoted search path vulnerability that can allow attackers to execute arbitrary code.
Can CVE-2017-12730 be exploited remotely?
CVE-2017-12730 may be exploited locally by an attacker with access to the system since it involves executing code with elevated privileges.
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/myscada
- canonical/myscada mypro manager
- version/myscada mypro manager/7.0.26