Cimon CmnView DLL Hijacking Vulnerability

Low RiskICS-CERT ICSA-15-069-01Dec 11, 2015

Summary

CmnView versions 2.14.0.1 and 3.x contain a DLL hijacking vulnerability that could allow an attacker to load and execute arbitrary code on a system where CmnView is installed.

What this means

What could happen

An attacker could execute arbitrary code on workstations running CmnView, potentially compromising engineering systems or operator workstations used to manage industrial processes.

Who's at risk

This affects organizations running CmnView for HMI, SCADA, or engineering workstation functions. Particularly relevant for electric utilities, water authorities, and manufacturing facilities that use CmnView for process monitoring or control system engineering.

How it could be exploited

An attacker would need to place a malicious DLL in a directory where CmnView searches for libraries during startup. When CmnView launches, it loads the attacker's DLL instead of the legitimate library, executing arbitrary code with the privileges of the user running CmnView.

Prerequisites

CmnView application installed and executed on the target workstation
Ability to write files to a directory in CmnView's DLL search path (typically the application directory or system directories)
User must launch or have CmnView running

no patch availablelow complexity exploitationaffects engineering workstations and HMI systems

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

CmnView: 2.14.0.12.14.0.1No fix (EOL)

CmnView: 3.x3.xNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDDisable or restrict execution of CmnView on workstations where it is not actively required for operations

HARDENINGEnsure users do not run CmnView with administrative privileges unless absolutely necessary

Mitigations - no patch available

0/3

The following products have reached End of Life with no planned fix: CmnView: 2.14.0.1, CmnView: 3.x. Apply the following compensating controls:

HARDENINGImplement file system access controls and permissions to prevent unauthorized modification of application directories where CmnView is installed

HARDENINGMonitor CmnView application directory and system directories for unauthorized DLL files or modifications

HARDENINGSegment engineering workstations running CmnView from general-purpose networks to limit exposure to untrusted file sources

CVEs (1)

CVE-2014-9207

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c729aa83-cbea-47ac-bd64-1242c116b94a