Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-1014

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.

Published

2019-03-25T19:29:00.337

Last Modified

2024-11-21T02:24:29.743

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.3 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.4

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-427
Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	schneider-electric	opc_factory_server	3.5	Yes
Application	schneider-electric	citectscada	7.20	No
Application	schneider-electric	citectscada	7.30	No
Application	schneider-electric	citectscada	7.40	No
Application	schneider-electric	scada_expert_vijeo_citect	7.20	No
Application	schneider-electric	scada_expert_vijeo_citect	7.30	No
Application	schneider-electric	scada_expert_vijeo_citect	7.40	No

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01 Mitigation, Third Party Advisory, US Government Resource ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01 Mitigation, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)