First published: Mon Mar 25 2019
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends that vulnerable users upgrade OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Opc Factory Server | =3.5 | |
Schneider-electric Citectscada | =7.20 | |
Schneider-electric Citectscada | =7.30 | |
Schneider-electric Citectscada | =7.40 | |
Schneider-electric Scada Expert Vijeo Citect | =7.20 | |
Schneider-electric Scada Expert Vijeo Citect | =7.30 | |
Schneider-electric Scada Expert Vijeo Citect | =7.40 | |
The ID of this vulnerability is CVE-2015-1014.
This vulnerability affects Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.
The severity level of this vulnerability is high with a CVSS score of 7.3.
A successful exploit of this vulnerability requires the local user to load a crafted DLL file in the system directory on the affected servers.
Please refer to the reference link provided for information on fixes and patches for this vulnerability.