CVE-2015-1014
First published: Mon Mar 25 2019(Updated: )
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Opc Factory Server | =3.5 | |
| Schneider-electric Citectscada | =7.20 | |
| Schneider-electric Citectscada | =7.30 | |
| Schneider-electric Citectscada | =7.40 | |
| Schneider-electric Scada Expert Vijeo Citect | =7.20 | |
| Schneider-electric Scada Expert Vijeo Citect | =7.30 | |
| Schneider-electric Scada Expert Vijeo Citect | =7.40 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2015-1014.
What software is affected by this vulnerability?
This vulnerability affects Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Schneider-electric Opc Factory Server.
What is the severity level of this vulnerability?
The severity level of this vulnerability is high with a CVSS score of 7.3.
How can the vulnerability be exploited?
A successful exploit of this vulnerability requires the local user to load a crafted DLL file in the system directory on the affected servers.
Is there a fix for this vulnerability?
Please refer to the reference link provided for information on fixes and patches for this vulnerability.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric opc factory server
- version/schneider-electric opc factory server/3.5
- canonical/schneider-electric citectscada
- version/schneider-electric citectscada/7.20
- version/schneider-electric citectscada/7.30
- version/schneider-electric citectscada/7.40
- canonical/schneider-electric scada expert vijeo citect
- version/schneider-electric scada expert vijeo citect/7.20
- version/schneider-electric scada expert vijeo citect/7.30
- version/schneider-electric scada expert vijeo citect/7.40