CVE-2023-6061: Phantom DLL Vulnerability in Iconics Suite

6.6 CVSS

Description

Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:
* MMXFax.exe
  * winfax.dll
* MelSim2ComProc.exe
  * Sim2ComProc.dll
* MMXCall_in.exe
  * libdxxmt.dll
  * libsrlmt.dll
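
A detection sketch for the executable and DLL names listed above, added here as an example and not part of the original advisory or any vendor tooling: it scans Sysmon-style image-load records (Event ID 7 fields `Image` and `ImageLoaded`) for an affected executable loading one of the named DLLs. The sample events and their paths are constructed, and the executable-to-DLL pairing is read from the list above.

```python
import ntpath  # parses Windows paths correctly on any OS

# Affected executable -> DLL names it searches for, taken from the list above.
PHANTOM_DLLS = {
    "mmxfax.exe": {"winfax.dll"},
    "melsim2comproc.exe": {"sim2comproc.dll"},
    "mmxcall_in.exe": {"libdxxmt.dll", "libsrlmt.dll"},
}


def find_phantom_loads(events):
    """Return one finding per event where an affected executable loaded a listed DLL."""
    findings = []
    for ev in events:
        image, loaded = ev.get("Image", ""), ev.get("ImageLoaded", "")
        proc = ntpath.basename(image).lower()
        dll = ntpath.basename(loaded).lower()
        if dll not in PHANTOM_DLLS.get(proc, ()):
            continue
        findings.append({
            "process": image,
            "dll_path": loaded,
            # A load from outside the executable's own folder means the DLL
            # was resolved from some other search-path directory.
            "outside_app_dir": ntpath.dirname(loaded).lower()
                               != ntpath.dirname(image).lower(),
        })
    return findings


# Constructed sample events (field names follow Sysmon Event ID 7; paths are made up).
SAMPLE_EVENTS = [
    {"Image": r"C:\ExampleInstall\MMXFax.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"Image": r"C:\ExampleInstall\MMXFax.exe",
     "ImageLoaded": r"C:\ExampleTools\bin\WINFAX.DLL"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\ExampleTools\bin\winfax.dll"},
    {"Image": r"C:\ExampleInstall\MMXCall_in.exe",
     "ImageLoaded": r"C:\ExampleInstall\libsrlmt.dll"},
]

if __name__ == "__main__":
    for finding in find_phantom_loads(SAMPLE_EVENTS):
        print(finding)
```

Matching is case-insensitive on file names only, so each finding still needs a check of the DLL's origin, signature and the write permissions on its directory.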

Classification

CVE ID: CVE-2023-6061

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.6

Affected Products

Vendor: ICONICS

Product: SCADA software Iconics Suite

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21

Timeline