Full Disclosure mailing list archives

Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability

From: Praveen D <praveend.hac () gmail com>
Date: Fri, 4 Sep 2015 18:11:45 +0530

Create a malicious DLL and rename as anyone of the below DLL's.
UxTheme.dll
CtComDlgENU.dll
CtComDlgLOC.dll
CTPROJENU.dll
CTPROJLOC.dll
CRYPTBASE.dll
SspiCli.dll
profapi.dll
dnsapi.dll
located at
C:\Program Files\Schneider Electric\CitectSCADA 7.40\Bin\
Vulnerable Process Name, CtExplor.exe
The malicious DLL's will have arbitrary code written by attacker.

Tested on OS: Windows 7 Ultimate N SP1
Schneider Electric CitectSCADA 7.40

Best Regards,
Praveen Darshanam
http://blog.disects.com

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability Praveen D (Sep 07)
- Re: Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability W Gillespie (Sep 10)