CVE-2015-0979 — HIGH (9.0) — White Hats Nepal

Q: What is CVE-2015-0979?

CVE-2015-0979 is a vulnerability with a CVSS score of 9.0 (HIGH). Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet.

Q: How severe is CVE-2015-0979?

CVE-2015-0979 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-0979?

Check the references section above for vendor advisories and patch information. Affected products include: Scadaengine Bacnet Opc Server.

Vulnerability Description

Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet.

CVSS Score

9.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:C

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Scadaengine	Bacnet Opc Server	<= 2.1.359.22

Related Weaknesses (CWE)

CWE-119

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-069-03Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-069-03Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2015-0979?

CVE-2015-0979 is a vulnerability with a CVSS score of 9.0 (HIGH). Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet.

How severe is CVE-2015-0979?

CVE-2015-0979 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0979?

Check the references section above for vendor advisories and patch information. Affected products include: Scadaengine Bacnet Opc Server.