SAP Plant Connectivity is prone to a remote code-execution vulnerability.
A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application.
SAP Plant Connectivity versions 2.3, and 15.0 are vulnerable.
Information
Bugtraq ID: 102145Class: Design Error
CVE: CVE-2017-16690
Remote: Yes
Local: No
Published: Dec 12 2017 12:00AM
Updated: Dec 12 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: SAP Plant Connectivity 2.3
SAP Plant Connectivity 15.0
Not Vulnerable:
Exploit
Attackers must trick a user into opening a file on a remote WebDAV or SMB share to exploit this issue.
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
References: