cbcvebase.
CVE-2015-1007
published 2019-03-25

CVE-2015-1007: A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution…

PriorityP342high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
2.67%
83.8th percentile
A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible.

Affected

10 ranges
VendorProductVersion rangeFixed in
opto22optodatalink<= r9.4d
opto22optoopcserver<= r9.4c
opto22pac_display< r9.4gr9.4g
opto22pac_project< r9.4008r9.4008
opto_22optodatalink
opto_22optoopcserver
opto_22pac_display_basic< R9.4gR9.4g
opto_22pac_display_professional< R9.4gR9.4g
opto_22pac_project_basic< R9.4008R9.4008
opto_22pac_project_professional< R9.4008R9.4008

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.