PT-2019-7165 · Schneider Electric · Vijeo Citect/Citectscada
Published: 2019-03-25 · Updated: 2019-10-09 · CVE-2015-1014
CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA
Schneider Electric OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA
Schneider Electric OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA
Description
A local user can exploit this issue by loading a crafted DLL file in the system directory on affected servers. If the application attempts to open the crafted file, it could crash or allow the attacker to execute arbitrary code.
Recommendations
For Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer).
For Schneider Electric OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer).
For Schneider Electric OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA, upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer).
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Schneider Electric
Vijeo Citect/Citectscada