CVE-2015-0980

Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:C

Exploitability : 10.0 / Impact : 8.5

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-069-03	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:scadaengine:bacnet_opc_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-03-14 01:59

Updated : 2024-02-28 12:20

NVD link : CVE-2015-0980

Mitre link : CVE-2015-0980

CVE.ORG link : CVE-2015-0980

JSON object : View

Products Affected

scadaengine

bacnet_opc_server

CWE

CWE-20

Improper Input Validation

9.0 /10