Lucene search

[email protected]CVE-2015-3940

HistoryAug 04, 2015 - 1:59 a.m.

CVE-2015-3940

2015-08-0401:59:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2015-3940

schneider electric

wonderware system platform

vulnerability

privilege escalation

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.6%

JSON

Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected configurations

NVD

Node

schneider-electricwonderware_system_platform_2014Matchr2

CPENameOperatorVersion
schneider-electric:wonderware_system_platform_2014schneider-electric wonderware system platform 2014eqr2

CPE	Name	Operator	Version
schneider-electric:wonderware_system_platform_2014	schneider-electric wonderware system platform 2014	eq	r2

References

iom.invensys.com/EN/pdfLibrary/Security_Bulletin_LFSEC00000106.pdf

www.securityfocus.com/bid/75297

www.securitytracker.com/id/1033179

www.securitytracker.com/id/1033180

ics-cert.us-cert.gov/advisories/ICSA-15-169-02

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2015-3940

prion1 ics1 cvelist1 nvd1