Vulnerability Description
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends that vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | OPC Factory Server | 3.5 |
| Schneider Electric | CitectSCADA | 7.20 |
| Schneider Electric | SCADA Expert Vijeo Citect | 7.20 |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01 (Mitigation, Third Party Advisory, US Government Resource)
FAQ
What is CVE-2015-1014?
CVE-2015-1014 is a vulnerability with a CVSS score of 7.3 (HIGH). A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expe...
How severe is CVE-2015-1014?
CVE-2015-1014 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-1014?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider Electric OPC Factory Server, Schneider Electric CitectSCADA, Schneider Electric SCADA Expert Vijeo Citect.