Vulnerability CVE-2014-9209


Published: 2015-03-30   Modified: 2015-03-31

Description:
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Rockwellautomation -> Factorytalk services platform 
Rockwellautomation -> Factorytalk view studio 

 References:
https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323

Copyright 2024, cxsecurity.com

 

Back to Top