CVE-2015-1014
Last modified
CVE-2015-1014 is a vulnerability of currently unknown severity. A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Opc Factory Server | 3.5 |
References
- https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01Mitigation, Third Party Advisory, US Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01Mitigation, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-1014?
How severe is CVE-2015-1014?
How do I fix CVE-2015-1014?
Are you affected by CVE-2015-1014?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST