CVE-2015-1006
published 2019-05-10

Priority: P264
Severity: critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.34% (91.6th percentile)

A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible.

Affected

11 ranges
Vendor    Product                    Version range   Fixed in
opto22    optodatalink               < r9.4d         r9.4d
opto22    optoopcserver              < r9.4c         r9.4c
opto22    pac_display                < r9.4f         r9.4f
opto22    pac_project                < r9.4006       r9.4006
opto_22   optodatalink
opto_22   optodatalink
opto_22   optoopcserver              < R9.4c         R9.4c
opto_22   pac_display_basic          < R9.4f         R9.4f
opto_22   pac_display_professional   < R9.4f         R9.4f
opto_22   pac_project_basic          < R9.4006       R9.4006
opto_22   pac_project_professional   < R9.4006       R9.4006

Detection & IOCs (extracted from sources)

process: OPCTest.exe
  • Monitor for heap-based buffer overflow exploitation attempts against Opto 22 PAC Project / OptoOPCServer / OptoDataLink network-accessible services; CVSSv2 vector AV:N/AC:L/Au:S indicates network-reachable, low-complexity, authenticated attack surface.
  • For CVE-2015-1007 (stack overflow, same advisory), alert on loading of malformed/unexpected configuration files into OPCTest.exe; social engineering delivery vector means suspicious file-open events on OPCTest.exe are high-fidelity.
  • Presence of OPCTest.exe on a host indicates a vulnerable PAC Project installation (versions prior to R9.4008); the file was removed in the fixed installer version.
  • No public exploits were known at time of advisory publication; detection should focus on anomalous process behaviour and file-integrity rather than signature-based exploit matching.
  • The vulnerable file for CVE-2015-1006 is shared across multiple products installed by the PAC Project installer; patching the installer (R9.4006) remediates all listed products simultaneously.

CVSS provenance

nvd   v3.0   9.8    CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd   v2.0   10.0   CRITICAL   AV:N/AC:L/Au:N/C:C/I:C/A:C