7.3
CWE
427
Advisory Published
Updated

CVE-2015-1014

First published: Mon Mar 25 2019(Updated: )

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Schneider-electric Opc Factory Server=3.5
Schneider-electric Citectscada=7.20
Schneider-electric Citectscada=7.30
Schneider-electric Citectscada=7.40
Schneider-electric Scada Expert Vijeo Citect=7.20
Schneider-electric Scada Expert Vijeo Citect=7.30
Schneider-electric Scada Expert Vijeo Citect=7.40

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID of this vulnerability?

    The vulnerability ID of this vulnerability is CVE-2015-1014.

  • What software is affected by this vulnerability?

    This vulnerability affects Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Schneider-electric Opc Factory Server.

  • What is the severity level of this vulnerability?

    The severity level of this vulnerability is high with a CVSS score of 7.3.

  • How can the vulnerability be exploited?

    A successful exploit of this vulnerability requires the local user to load a crafted DLL file in the system directory on the affected servers.

  • Is there a fix for this vulnerability?

    Please refer to the reference link provided for information on fixes and patches for this vulnerability.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203