Vulnerability Details : CVE-2015-1014
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.
Vulnerability category: Execute code
Products affected by CVE-2015-1014
- cpe:2.3:a:schneider-electric:opc_factory_server:3.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1014
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1014
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
7.3
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
1.3
|
5.9
|
NIST |
CWE ids for CVE-2015-1014
-
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2015-1014
-
https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01
Schneider Electric OFS Server Vulnerability (Update A) | CISAMitigation;US Government Resource;Third Party Advisory
Jump to