Sign-up

ID

VAR-201903-0646


CVE

CVE-2015-1014


TITLE

Schneider Electric OFS Vulnerabilities in uncontrolled search path elements

Trust: 0.8

sources: JVNDB: JVNDB-2015-008253

DESCRIPTION

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version. Schneider Electric OFS Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric OPC Factory Server (OFS) is a data communication editing software. The software supports important information access, open page design, transparent architecture and interoperability, etc., to enable users to obtain good processes and communication effects. Schneider Electric OFS has security vulnerabilities in loading DLLs, allowing remote attackers to use the vulnerabilities to submit special files and load them to execute arbitrary code

Trust: 2.52

sources: NVD: CVE-2015-1014 // JVNDB: JVNDB-2015-008253 // CNVD: CNVD-2015-03451 // BID: 74772 // VULHUB: VHN-78974

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03451

AFFECTED PRODUCTS

vendor:schneider electricmodel:opc factory serverscope:eqversion:3.5

Trust: 2.1

vendor:schneidermodel:electric opc factory server sp6scope:ltversion:3.5

Trust: 0.6

vendor:schneider electricmodel:opc factory serverscope:eqversion:3.4

Trust: 0.3

vendor:schneider electricmodel:opc factory server sp6scope:neversion:3.5

Trust: 0.3

sources: CNVD: CNVD-2015-03451 // BID: 74772 // JVNDB: JVNDB-2015-008253 // NVD: CVE-2015-1014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1014
value: HIGH

Trust: 1.0

NVD: CVE-2015-1014
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-03451
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201505-506
value: HIGH

Trust: 0.6

VULHUB: VHN-78974
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1014
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03451
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78974
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-1014
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-03451 // VULHUB: VHN-78974 // JVNDB: JVNDB-2015-008253 // CNNVD: CNNVD-201505-506 // NVD: CVE-2015-1014

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.9

sources: VULHUB: VHN-78974 // JVNDB: JVNDB-2015-008253 // NVD: CVE-2015-1014

THREAT TYPE

local

Trust: 0.9

sources: BID: 74772 // CNNVD: CNNVD-201505-506

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201505-506

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008253

PATCH
title:Top Pageurl:https://www.schneider-electric.us/en/
Trust: 0.8
title:Patch for Schneider Electric OPC Factory Server DLL Load Arbitrary Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/59058
Trust: 0.6
title:Schneider Electric OPC Factory Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90843
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-03451 // 
            
            
            
            JVNDB: JVNDB-2015-008253 // 
            
            
            
            CNNVD: CNNVD-201505-506

EXTERNAL IDS
db:NVDid:CVE-2015-1014
Trust: 3.4
db:ICS CERTid:ICSA-15-141-01
Trust: 2.8
db:BIDid:74772
Trust: 1.0
db:JVNDBid:JVNDB-2015-008253
Trust: 0.8
db:CNNVDid:CNNVD-201505-506
Trust: 0.7
db:CNVDid:CNVD-2015-03451
Trust: 0.6
db:VULHUBid:VHN-78974
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-03451 // 
            
            
            
            VULHUB: VHN-78974 // 
            
            
            
            BID: 74772 // 
            
            
            
            JVNDB: JVNDB-2015-008253 // 
            
            
            
            CNNVD: CNNVD-201505-506 // 
            
            
            
            NVD: CVE-2015-1014

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-141-01
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2015-1014
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1014
Trust: 0.8
url:http://www.securityfocus.com/bid/74772
Trust: 0.6
url:http://www.schneider-electric.com/products/ww/en/2400-industrial-communication/2450-software-for-networks/547-opc-factory-server/
Trust: 0.3
url:https://ics-cert.us-cert.gov/advisories/icsa-15-141-01#footnoteb_0dado2g
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-03451 // 
            
            
            
            VULHUB: VHN-78974 // 
            
            
            
            BID: 74772 // 
            
            
            
            JVNDB: JVNDB-2015-008253 // 
            
            
            
            CNNVD: CNNVD-201505-506 // 
            
            
            
            NVD: CVE-2015-1014

CREDITS
Ivan Sanchez from Nullcode Team
Trust: 0.9
sources:
            
            
            BID: 74772 // 
            
            
            
            CNNVD: CNNVD-201505-506

SOURCES
db:CNVDid:CNVD-2015-03451
db:VULHUBid:VHN-78974
db:BIDid:74772
db:JVNDBid:JVNDB-2015-008253
db:CNNVDid:CNNVD-201505-506
db:NVDid:CVE-2015-1014

LAST UPDATE DATE
2024-11-23T22:21:45.328000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-03451date:2015-05-29T00:00:00
db:VULHUBid:VHN-78974date:2019-10-09T00:00:00
db:BIDid:74772date:2015-05-21T00:00:00
db:JVNDBid:JVNDB-2015-008253date:2019-05-13T00:00:00
db:CNNVDid:CNNVD-201505-506date:2019-10-10T00:00:00
db:NVDid:CVE-2015-1014date:2024-11-21T02:24:29.743

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-03451date:2015-05-29T00:00:00
db:VULHUBid:VHN-78974date:2019-03-25T00:00:00
db:BIDid:74772date:2015-05-21T00:00:00
db:JVNDBid:JVNDB-2015-008253date:2019-05-13T00:00:00
db:CNNVDid:CNNVD-201505-506date:2015-05-25T00:00:00
db:NVDid:CVE-2015-1014date:2019-03-25T19:29:00.337