Posted by Praveen D on Sep 07

Create a malicious DLL and rename as anyone of the below DLL’s.
UxTheme.dll
CtComDlgENU.dll
CtComDlgLOC.dll
CTPROJENU.dll
CTPROJLOC.dll
CRYPTBASE.dll
SspiCli.dll
profapi.dll
dnsapi.dll
located at
C:Program FilesSchneider ElectricCitectSCADA 7.40Bin
Vulnerable Process Name, CtExplor.exe
The malicious DLL’s will have arbitrary code written by attacker.

Tested on OS: Windows 7 Ultimate N SP1
Schneider Electric CitectSCADA 7.40

Best…