var-201508-0386
Vulnerability from variot
Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Wonderware System Platform is a system platform applied in multiple fields.
A fixed search path vulnerability exists in Schneider Electric's Wonderware InTouch, Application Server, Historian, and SuiteLink applications. Attackers can exploit this vulnerability to install and execute malicious code. Schneider Electric Wonderware System Platform is prone to a local arbitrary-code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the application to crash, resulting in a denial-of-service condition. Wonderware System Platform 2014 R2 and prior are vulnerable. The platform provides visual configuration and deployment, secure data connectivity and communication, data storage and management, and more. Note that the structured record for this entry labels the weakness CWE-22 ("path traversal"), whereas the descriptions above describe an untrusted search path (DLL loading) issue; the vendor bulletin LFSEC00000106 and ICS-CERT advisory ICSA-15-169-02 listed in the references are the sources to check for classification and the fixed release.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0386",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wonderware system platform 2014",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "r2"
},
{
"model": "wonderware system platform 2014",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "r2 patch 01"
},
{
"model": "electric wonderware system platform r2",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2014"
},
{
"model": "wonderware system platform r2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "wonderware system platform r2 patch",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "201401"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03940"
},
{
"db": "BID",
"id": "75297"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003986"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-319"
},
{
"db": "NVD",
"id": "CVE-2015-3940"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:wonderware_system_platform_2014",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003986"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Sanchez of WiseSecurity Team",
"sources": [
{
"db": "BID",
"id": "75297"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-319"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3940",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2015-3940",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2015-03940",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-81901",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3940",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-3940",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-03940",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-319",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81901",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03940"
},
{
"db": "VULHUB",
"id": "VHN-81901"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003986"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-319"
},
{
"db": "NVD",
"id": "CVE-2015-3940"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Wonderware System Platform is a system platform applied in multiple fields. \n\nA fixed search path vulnerability exists in Schneider Electric\u0027s Wonderware InTouch, Application Server, Historian, and SuiteLink applications. Allows attackers to exploit this vulnerability to install and execute malicious code. Schneider Electric Wonderware System Platform is prone to a local arbitrary-code-execution vulnerability. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the application to crash, resulting in a denial-of-service condition. \nWonderware System Platform 2014 R2 and prior are vulnerable. The platform provides visual configuration and deployment, secure data connectivity and communication, data storage and management, and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3940"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003986"
},
{
"db": "CNVD",
"id": "CNVD-2015-03940"
},
{
"db": "BID",
"id": "75297"
},
{
"db": "VULHUB",
"id": "VHN-81901"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-15-169-02",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2015-3940",
"trust": 3.4
},
{
"db": "BID",
"id": "75297",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1033179",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033180",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003986",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-319",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-03940",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81901",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03940"
},
{
"db": "VULHUB",
"id": "VHN-81901"
},
{
"db": "BID",
"id": "75297"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003986"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-319"
},
{
"db": "NVD",
"id": "CVE-2015-3940"
}
]
},
"id": "VAR-201508-0386",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03940"
},
{
"db": "VULHUB",
"id": "VHN-81901"
}
],
"trust": 1.40833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03940"
}
]
},
"last_update_date": "2024-11-23T22:01:43.176000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LFSEC00000106",
"trust": 0.8,
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000106/"
},
{
"title": "Patch for Schneider Electric Wonderware System Platform has an unknown vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/60021"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03940"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003986"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81901"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003986"
},
{
"db": "NVD",
"id": "CVE-2015-3940"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-169-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/75297"
},
{
"trust": 1.7,
"url": "http://iom.invensys.com/en/pdflibrary/security_bulletin_lfsec00000106.pdf"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033179"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033180"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3940"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3940"
},
{
"trust": 0.6,
"url": "https://gcsresource.invensys.com/tracking/confirmdownload.aspx?id=21913"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.3,
"url": "http://software.schneider-electric.com/products/wonderware/hmi-and-supervisory-control/system-platform/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03940"
},
{
"db": "VULHUB",
"id": "VHN-81901"
},
{
"db": "BID",
"id": "75297"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003986"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-319"
},
{
"db": "NVD",
"id": "CVE-2015-3940"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-03940"
},
{
"db": "VULHUB",
"id": "VHN-81901"
},
{
"db": "BID",
"id": "75297"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003986"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-319"
},
{
"db": "NVD",
"id": "CVE-2015-3940"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03940"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-81901"
},
{
"date": "2015-06-19T00:00:00",
"db": "BID",
"id": "75297"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003986"
},
{
"date": "2015-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-319"
},
{
"date": "2015-08-04T01:59:00.107000",
"db": "NVD",
"id": "CVE-2015-3940"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03940"
},
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-81901"
},
{
"date": "2015-06-19T00:00:00",
"db": "BID",
"id": "75297"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003986"
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-319"
},
{
"date": "2024-11-21T02:30:06.677000",
"db": "NVD",
"id": "CVE-2015-3940"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "75297"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-319"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Wonderware System Platform Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003986"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-319"
}
],
"trust": 0.6
}
}