How severe is CVE-2015-1014?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2015-1014?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2015-1014 - HIGH Severity | CVSS 7.3

Vulnerability Description

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.

Related Vulnerabilities

CVE-2017-4987

HIGH

CVSS:7.3(High)

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potenti...

CWE-4272017

CVE-2018-11049

HIGH

CVSS:7.3(High)

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unin...

CWE-4272018

CVE-2019-16407

HIGH

CVSS:7.3(High)

JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.

CWE-4272019

CVE-2019-19954

HIGH

CVSS:7.3(High)

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.

CWE-4272019

CVE-2019-3613

HIGH

CVSS:7.3(High)

DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.

CWE-4272019

CVE-2020-24451

HIGH

CVSS:7.3(High)

Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privileg...

CWE-4272020