CVE-2016-2281

Vulnerability

ABB Panel Builder 800 version 5.1 contains an uncontrolled search path element vulnerability (CWE-427). The application loads DLLs without specifying an absolute path, causing Windows to search the current working directory first. If an attacker places a malicious DLL in that directory, it will be loaded instead of the legitimate system DLL. Version 6.0 is not affected [1].

Exploitation

An attacker must have local access to the system and the ability to write a malicious DLL into the current working directory from which Panel Builder 800 is launched. When a user starts the application from that directory, the malicious DLL is loaded automatically. No additional user interaction is required beyond launching the application [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code with the privileges of the user running Panel Builder 800. This can lead to full system compromise, including data exfiltration, modification, or installation of persistent malware [1].

Mitigation

ABB has released Panel Builder 800 version 6.0, which is not affected by this vulnerability. Users should upgrade to version 6.0 or later. No workarounds are documented. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the advisory date [1].