CVE-2015-1014

Published: Mar 25, 2019Modified: Nov 21, 2024

7.3

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD

Description

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.

Affected (1)

Products: Schneider Electric: Opc Factory Server

Schneider Electric

1 product

Opc Factory Server

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Schneider Electric Opc Factory Server	Version 3.5

Running on/with	Platform Versions
Schneider Electric Citectscada	Version 7.20
Schneider Electric Citectscada	Version 7.30
Schneider Electric Citectscada	Version 7.40
Schneider Electric Scada Expert Vijeo Citect	Version 7.20
Schneider Electric Scada Expert Vijeo Citect	Version 7.30
Schneider Electric Scada Expert Vijeo Citect	Version 7.40

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.