CVE-2017-11349 in DT8x dEXinfo

Summary

by MITRE

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data.


Analysis

by VulDB Data Team • 01/16/2026

CVE-2017-11349 affects dataTaker DT8x dEX software version 1.72.007 and represents a significant security weakness in industrial data acquisition and control systems. The flaw lets remote attackers compose and execute programs or schedules within the system, compromising the integrity and confidentiality of industrial control processes. The vulnerability exists within the software's remote access capabilities, which were not properly secured against unauthorized manipulation by external threat actors. The affected system is designed for industrial automation and data logging applications, making it a critical component in industrial environments where security is paramount.

The vulnerability stems from inadequate input validation and authentication mechanisms within the dEX software interface. Attackers can exploit this weakness to construct and execute programs or schedules that perform unauthorized actions, including sending email notifications and establishing outbound connections to external FTP servers for data upload operations. This is a direct violation of the principle of least privilege, because unauthorized entities can manipulate system behavior. The vulnerability is classified under CWE-284, which covers improper access control; here the software fails to restrict program execution and scheduling functions to authorized users. The flaw essentially allows privilege escalation through the manipulation of scheduled tasks and program compositions.

The operational impact of this vulnerability extends beyond simple unauthorized access, as it enables attackers to establish persistent communication channels with external systems through FTP uploads and email notifications. This capability allows threat actors to exfiltrate data from industrial environments, potentially compromising sensitive operational information and process control data. The ability to schedule outbound connections creates opportunities for attackers to maintain long-term presence within industrial networks, making this vulnerability particularly dangerous for critical infrastructure deployments. The risk is amplified when considering that industrial control systems often operate in isolated networks, making detection of such activities more challenging. This vulnerability aligns with ATT&CK technique T1071.004 which covers application layer protocol: DNS, and T1071.001 which addresses application layer protocol: file transfer protocol, demonstrating how the vulnerability enables both data exfiltration and command and control communications.

Mitigation strategies for CVE-2017-11349 should focus on implementing robust network segmentation and access controls to restrict remote access to industrial control systems. Organizations should deploy network monitoring solutions to detect unusual outbound FTP connections and email activity from industrial systems. The software should be updated to the latest available version where the vulnerability has been patched, and administrators should implement strict access controls for program composition and scheduling functions. Network firewalls should be configured to block unauthorized outbound connections, particularly to FTP servers and email relays. Additionally, implementing intrusion detection systems specifically designed for industrial environments can help identify exploitation attempts. The vulnerability demonstrates the importance of applying security patches promptly and maintaining comprehensive network visibility in industrial environments. Regular security assessments and penetration testing should be conducted to identify similar weaknesses in operational technology systems, ensuring that the security posture remains resilient against evolving threats.
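The monitoring recommendation above can be expressed as a simple egress check over flow records. The following is an added example, not code from VulDB, MITRE or the vendor; the logger subnet, the approved server list and the flow-record layout are assumptions, and the sample records are constructed.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions (not from the advisory): logger addressing and approved servers.
LOGGER_NET = ip_network("10.20.0.0/24")
APPROVED = {
    ("10.1.5.10", 21),   # internal FTP drop the loggers may upload to
    ("10.1.5.25", 25),   # internal mail relay
}
WATCHED_PORTS = {21: "ftp", 990: "ftps", 25: "smtp", 465: "smtps", 587: "submission"}

# Constructed flow records: time, src, dst, dst_port, protocol
SAMPLE_FLOWS = """\
2024-03-01T02:00:01Z,10.20.0.14,10.1.5.10,21,tcp
2024-03-01T02:00:07Z,10.20.0.14,203.0.113.50,21,tcp
2024-03-01T02:05:00Z,10.20.0.22,10.1.5.25,25,tcp
2024-03-01T02:05:09Z,10.20.0.22,198.51.100.7,587,tcp
2024-03-01T02:06:00Z,10.30.0.5,203.0.113.50,21,tcp
2024-03-01T02:07:00Z,10.20.0.14,10.1.5.10,502,tcp
"""

def find_unapproved_egress(flow_csv):
    """Return alerts for logger-originated FTP/mail flows to unapproved servers."""
    alerts = []
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 5:
            continue  # skip blank or malformed records rather than crash
        ts, src, dst, dport, proto = (f.strip() for f in row)
        try:
            src_ip, port = ip_address(src), int(dport)
            ip_address(dst)  # validate the destination address as well
        except ValueError:
            continue
        if proto.lower() != "tcp" or src_ip not in LOGGER_NET:
            continue  # only TCP flows that originate from a data logger
        if port in WATCHED_PORTS and (dst, port) not in APPROVED:
            alerts.append({"time": ts, "logger": src, "dest": dst,
                           "service": WATCHED_PORTS[port]})
    return alerts

if __name__ == "__main__":
    for alert in find_unapproved_egress(SAMPLE_FLOWS):
        print("ALERT", alert)
```

The same allowlist doubles as the firewall egress policy: any logger-to-server pair not listed is both blocked and alerted on.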

Reservation

07/16/2017

Disclosure

07/17/2017

Moderation

accepted

CPE

ready

EPSS

0.00779

KEV

no

Activities

very low
