PT-2019-7165 · Schneider Electric · Vijeo Citect/Citectscada+1
Publicado
2019-03-25
·
Atualizado
2019-10-09
·
CVE-2015-1014
CVSS v2.0
4.4
Média
| Vetor | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA
Schneider Electric OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA
Schneider Electric OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA
Description
A local user can exploit this issue by loading a crafted DLL file in the system directory on affected servers. If the application attempts to open the crafted file, it could crash or allow the attacker to execute arbitrary code.
Recommendations
For Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer).
For Schneider Electric OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer).
For Schneider Electric OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA, upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer).
Correção
Uncontrolled Search Path Element
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Schneider Electric
Vijeo Citect/Citectscada