CVE-2014-9209
Published 2015-03-31
Priority P4 · 19 · medium · 6.9 (CVSS 2.0)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.69% (48.0th percentile)
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | factorytalk_services_platform | <= 2.70.00 | — |
| rockwellautomation | factorytalk_view_studio | <= 8.00.00 | — |
GHSA
GHSA-c55r-pfvh-5v9w: Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2
ghsa_unreviewed·2022-05-17
CISA ICS
Rockwell Automation FactoryTalk DLL Hijacking Vulnerabilities
cisa_ics·2018-08-27
ICS Advisory
Last Revised: August 27, 2018
Alert Code: ICSA-15-062-02
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on March 3, 2015, and is being released to the NCCIC/ICS-CERT web site.
Ivan Sanchez of NullCode & Evilcode Team has identified multiple DLL Hijacking vulnerabilities in a software component included with Rockwell Automation’s FactoryTalk View Studio product. Rockwell Automation determined a similar vulnerability also affects the FactoryTalk Services Platform used with other Factor
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.