CVE-2015-1006
Published 2019-05-10
Priority: P264 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.34% (91.6th percentile)
A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opto22 | optodatalink | < r9.4d | r9.4d |
| opto22 | optoopcserver | < r9.4c | r9.4c |
| opto22 | pac_display | < r9.4f | r9.4f |
| opto22 | pac_project | < r9.4006 | r9.4006 |
| opto_22 | optodatalink | — | — |
| opto_22 | optodatalink | — | — |
| opto_22 | optoopcserver | < R9.4c | R9.4c |
| opto_22 | pac_display_basic | < R9.4f | R9.4f |
| opto_22 | pac_display_professional | < R9.4f | R9.4f |
| opto_22 | pac_project_basic | < R9.4006 | R9.4006 |
| opto_22 | pac_project_professional | < R9.4006 | R9.4006 |
Detection & IOCs (extracted from sources)
- Monitor for heap-based buffer overflow exploitation attempts against Opto 22 PAC Project / OptoOPCServer / OptoDataLink network-accessible services; CVSSv2 vector AV:N/AC:L/Au:S indicates network-reachable, low-complexity, authenticated attack surface.
- For CVE-2015-1007 (stack overflow, same advisory), alert on loading of malformed/unexpected configuration files into OPCTest.exe; social engineering delivery vector means suspicious file-open events on OPCTest.exe are high-fidelity.
- Presence of OPCTest.exe on a host indicates a vulnerable PAC Project installation (versions prior to R9.4008); the file was removed in the fixed installer version.
- No public exploits were known at time of advisory publication; detection should focus on anomalous process behaviour and file-integrity rather than signature-based exploit matching.
- The vulnerable file for CVE-2015-1006 is shared across multiple products installed by the PAC Project installer; patching the installer (R9.4006) remediates all listed products simultaneously.
CVSS provenance
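| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |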
GHSA
GHSA-qcrp-fp63-2c3q: A vulnerable file in Opto 22 PAC Project Professional versions prior to R9
ghsa_unreviewed · 2022-05-24
CISA ICS
Opto 22 Multiple Product Vulnerabilities
cisa_ics · 2018-10-18
ICS Advisory
Last Revised: October 18, 2018
Alert Code: ICSA-15-120-01
## OVERVIEW
Ivan Sanchez from Nullcode Team has identified two buffer overflow vulnerabilities that are present in Opto 22’s PAC Project Professional, PAC Project Basic, OptoOPCServer, OptoDataLink, PAC Display Basic, and PAC Display Professional products. Opto 22 has released new versions that mitigate these vulnerabilities. Ivan Sanchez has tested the new versions to validate that they resolve the vulnerabilities.
One of the two vulnerabilities could be exploited remotely.
## AFFEC
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.