CVE-2015-1007

EPSS 1.03%
Veröffentlicht 25.03.2019 19:29:00
Zuletzt bearbeitet 21.11.2024 02:24:28
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opto22 ≫ Optodatalink Version <= r9.4d

Opto22 ≫ Optoopcserver Version <= r9.4c

Opto22 ≫ Pac Display SwEditionbasic Version < r9.4g

Opto22 ≫ Pac Display SwEditionprofessional Version < r9.4g

Opto22 ≫ Pac Project SwEditionbasic Version < r9.4008

Opto22 ≫ Pac Project SwEditionprofessional Version < r9.4008

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.03%	0.765

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2015-1007

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1007

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1007

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-1007