This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Sap | First view | 2017-12-12 |
| Product | Plant Connectivity | Last view | 2017-12-12 |
| Version | 2.3 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:sap:plant_connectivity | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2017-12-12 | CVE-2017-16690 | A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-426 | Untrusted Search Path |
