Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0980

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2015-0980
Last Modified 16 Mar 2015 02:35:17
Published 13 Mar 2015 09:59:12
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0980

Summary

Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request.

Vulnerable Systems

Application

  • Scadaengine Bacnet Opc Server 2.1.359.22


References

MISC - https://ics-cert.us-cert.gov/advisories/ICSA-15-069-03


Last Updated: 27 May 2016 11:08:06