CVE-2015-1014

CWE-4273 documents3 sources
Severity
7.3HIGH
EPSS
0.1%
top 82.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider Electric OFS V3.5Schneider-electric OPC Factory Server
Timeline
PublishedMar 25
Latest updateMay 13

Description

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommend

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

CVEListV5schneider_electric/ofs_v3.5< v7.40 of SCADA Expert Vijeo Citect/CitectSCADA+2

🔴Vulnerability Details

2
GHSA
GHSA-f7j5-fwrm-8242: A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider2022-05-13
CVEList
CVE-2015-1014: A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider2019-03-25
CVE-2015-1014 (HIGH CVSS 7.3) | A successful exploit of these vulne | cvebase.io