cvelistv5 - cve-2014-9209

CVE-2014-9209 (GCVE-0-2014-9209)

Vulnerability from cvelistv5 – Published: 2015-03-31 01:00 – Updated: 2024-08-06 13:40

Summary

Severity ?

No CVSS data available.

CWE

Assigner

icscert

References

URL

VAR-201503-0335

Vulnerability from variot - Updated: 2023-12-18 13:34

Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlLocal users can detect Trojans in unspecified directories DLL You may get permission through. The FactoryTalk Services Platform provides routine services (such as diagnostics, health monitoring services, and real-time data access) for products and applications in the FactoryTalk system. FactoryTalk View Studio is a configuration software for developing or testing machine-level or monitoring management-level Human Machine Interface (HMI) applications. Multiple native code execution vulnerabilities exist in multiple Rockwell Automation product DLL loads. An attacker can exploit arbitrary exploits and system privileges to execute arbitrary code. Failed attempts may lead to denial-of-service conditions. The following products are affected: FactoryTalk Services Platform prior to 2.71.00 FactoryTalk View Studio versions 8.00.00 and prior. A local attacker can use the Trojan horse DLL file to exploit this vulnerability to gain permissions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0335",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "factorytalk view studio",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "8.00.00"
      },
      {
        "model": "factorytalk services platform",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "2.70.00"
      },
      {
        "model": "factorytalk services platform",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "2.71.00"
      },
      {
        "model": "factorytalk view studio",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "8.00.00"
      },
      {
        "model": "automation factorytalk services platform",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "2.71.00"
      },
      {
        "model": "automation factorytalk view studio",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=8.00.00"
      },
      {
        "model": "factorytalk services platform",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "2.70.00"
      },
      {
        "model": "factorytalk view studio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "8.00.00"
      },
      {
        "model": "automation factorytalk view studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "8.00.00"
      },
      {
        "model": "automation factorytalk services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "0"
      },
      {
        "model": "automation factorytalk services platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "2.71.00"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "factorytalk services platform",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "factorytalk view studio",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      },
      {
        "db": "BID",
        "id": "73247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-437"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.70.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_view_studio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.00.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9209"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan Sanchez of NullCode, and Evilcode Team.",
    "sources": [
      {
        "db": "BID",
        "id": "73247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-437"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-9209",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2014-9209",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2015-02027",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "99eb7bca-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-77154",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-9209",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-02027",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-437",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "99eb7bca-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-77154",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-437"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlLocal users can detect Trojans in unspecified directories DLL You may get permission through. The FactoryTalk Services Platform provides routine services (such as diagnostics, health monitoring services, and real-time data access) for products and applications in the FactoryTalk system. FactoryTalk View Studio is a configuration software for developing or testing machine-level or monitoring management-level Human Machine Interface (HMI) applications. Multiple native code execution vulnerabilities exist in multiple Rockwell Automation product DLL loads. An attacker can exploit arbitrary exploits and system privileges to execute arbitrary code. Failed attempts may lead to denial-of-service conditions. \nThe following products are affected:\nFactoryTalk Services Platform prior to 2.71.00\nFactoryTalk View Studio versions 8.00.00 and prior. A local attacker can use the Trojan horse DLL file to exploit this vulnerability to gain permissions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      },
      {
        "db": "BID",
        "id": "73247"
      },
      {
        "db": "IVD",
        "id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77154"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-9209",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-062-02",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "73247",
        "trust": 1.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-437",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02027",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008004",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "99EB7BCA-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-77154",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77154"
      },
      {
        "db": "BID",
        "id": "73247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-437"
      }
    ]
  },
  "id": "VAR-201503-0335",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77154"
      }
    ],
    "trust": 1.43055555
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:34:30.095000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Rockwell Software",
        "trust": 0.8,
        "url": "http://www.rockwellautomation.com/rockwellsoftware/overview.page?"
      },
      {
        "title": "Multiple Rockwell Automation product DLLs load patches with multiple native code execution vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/56682"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9209"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-062-02"
      },
      {
        "trust": 1.7,
        "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/73247"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9209"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9209"
      },
      {
        "trust": 0.3,
        "url": "http://www.rockwellautomation.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77154"
      },
      {
        "db": "BID",
        "id": "73247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-437"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77154"
      },
      {
        "db": "BID",
        "id": "73247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-437"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-28T00:00:00",
        "db": "IVD",
        "id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-03-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-77154"
      },
      {
        "date": "2015-03-20T00:00:00",
        "db": "BID",
        "id": "73247"
      },
      {
        "date": "2015-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      },
      {
        "date": "2015-03-31T01:59:19.783000",
        "db": "NVD",
        "id": "CVE-2014-9209"
      },
      {
        "date": "2015-03-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-437"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02027"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-77154"
      },
      {
        "date": "2015-03-20T00:00:00",
        "db": "BID",
        "id": "73247"
      },
      {
        "date": "2015-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      },
      {
        "date": "2015-03-31T17:02:49.090000",
        "db": "NVD",
        "id": "CVE-2014-9209"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-437"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "73247"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-437"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation FactoryTalk Services Platform and  FactoryTalk View Studio of  Clean Utility Application vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008004"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation",
    "sources": [
      {
        "db": "IVD",
        "id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-437"
      }
    ],
    "trust": 0.8
  }
}

GHSA-C55R-PFVH-5V9W

Vulnerability from github – Published: 2022-05-17 04:14 – Updated: 2022-05-17 04:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-9209"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-03-31T01:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.",
  "id": "GHSA-c55r-pfvh-5v9w",
  "modified": "2022-05-17T04:14:15Z",
  "published": "2022-05-17T04:14:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9209"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02"
    },
    {
      "type": "WEB",
      "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

ICSA-15-062-02

Vulnerability from csaf_cisa - Published: 2015-12-04 07:00 - Updated: 2025-06-25 22:54

Summary

Rockwell Automation FactoryTalk DLL Hijacking Vulnerabilities

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-15-062-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2015/icsa-15-062-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-15-062-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-062-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Rockwell Automation FactoryTalk DLL Hijacking Vulnerabilities",
    "tracking": {
      "current_release_date": "2025-06-25T22:54:01.269590Z",
      "generator": {
        "date": "2025-06-25T22:54:01.269559Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-15-062-02",
      "initial_release_date": "2015-12-04T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2015-12-04T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2025-06-25T22:54:01.269590Z",
          "legacy_version": "CSAF Conversion",
          "number": "2",
          "summary": "Advisory converted into a CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.71.00",
                "product": {
                  "name": "Rockwell Automation FactoryTalk Services Platform: \u003c2.71.00",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "FactoryTalk Services Platform"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=8.00.00",
                "product": {
                  "name": "Rockwell Automation FactoryTalk View Studio: \u003c=8.00.00",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "FactoryTalk View Studio"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-9209",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Rockwell Automation recommends users log into their web site, review their advisory notice, and apply patch software located at: (https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "baseScore": 6.9,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

GSD-2014-9209

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-9209

Aliases

CVE-2014-9209

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-9209",
    "description": "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.",
    "id": "GSD-2014-9209"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-9209"
      ],
      "details": "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.",
      "id": "GSD-2014-9209",
      "modified": "2023-12-13T01:22:48.573621Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2014-9209",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323",
            "refsource": "MISC",
            "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.70.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_view_studio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.00.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9209"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323",
              "refsource": "MISC",
              "tags": [],
              "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2015-03-31T17:02Z",
      "publishedDate": "2015-03-31T01:59Z"
    }
  }
}

FKIE_CVE-2014-9209

Vulnerability from fkie_nvd - Published: 2015-03-31 01:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02	Third Party Advisory, US Government Resource
ics-cert@hq.dhs.gov	https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323

Impacted products

	Vendor	Product	Version
	rockwellautomation	factorytalk_services_platform	*
	rockwellautomation	factorytalk_view_studio	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E53CB65-3967-4640-B69B-43187AC28CE7",
              "versionEndIncluding": "2.70.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:factorytalk_view_studio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A74F778A-7FED-45F5-8BF7-27A3B5DAED41",
              "versionEndIncluding": "8.00.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en la aplicaci\u00f3n Clean Utility en Rockwell Automation FactoryTalk Services Platform anterior a 2.71.00 y FactoryTalk View Studio 8.00.00 y anteriores permite a usuarios locales ganar privilegios a trav\u00e9s de un DLL troyano en un directorio no especificado."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/426.html\"\u003eCWE-426: Untrusted Search Path\u003c/a\u003e",
  "id": "CVE-2014-9209",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-03-31T01:59:19.783",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-02027

Vulnerability from cnvd - Published: 2015-03-27

Title

多个Rockwell Automation产品DLL加载存在多个本地代码执行漏洞

Description

FactoryTalk Services Platform为FactoryTalk系统中的产品和应用程序提供常规. 服务（如诊断信息、健康监视服务和实时数据访问）。FactoryTalk View Studio 是用于开发或测试机器级或者监控管理级人机交互界面(HMI)应用项目的组态软件。多个Rockwell Automation产品DLL加载存在多个本地代码执行漏洞。攻击者可以利用漏洞与系统特权执行任意代码。

Severity

中

Patch Name

多个Rockwell Automation产品DLL加载存在多个本地代码执行漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： http://www.rockwellautomation.com/

Reference

http://www.securityfocus.com/bid/73247

Impacted products

Name
['Rockwell Automation FactoryTalk Services Platform < 2.71.00', 'Rockwell Automation FactoryTalk View Studio <= 8.00.00']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "73247"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-9209"
    }
  },
  "description": "FactoryTalk Services Platform\u4e3aFactoryTalk\u7cfb\u7edf\u4e2d\u7684\u4ea7\u54c1\u548c\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5e38\u89c4. \u670d\u52a1\uff08\u5982\u8bca\u65ad\u4fe1\u606f\u3001\u5065\u5eb7\u76d1\u89c6\u670d\u52a1\u548c\u5b9e\u65f6\u6570\u636e\u8bbf\u95ee\uff09\u3002FactoryTalk View Studio \u662f\u7528\u4e8e\u5f00\u53d1\u6216\u6d4b\u8bd5\u673a\u5668\u7ea7\u6216\u8005\u76d1\u63a7\u7ba1\u7406\u7ea7\u4eba\u673a\u4ea4\u4e92\u754c\u9762(HMI)\u5e94\u7528\u9879\u76ee\u7684\u7ec4\u6001\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u4e2aRockwell Automation\u4ea7\u54c1DLL\u52a0\u8f7d\u5b58\u5728\u591a\u4e2a\u672c\u5730\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4e0e\u7cfb\u7edf\u7279\u6743\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Ivan Sanchez of NullCode, and Evilcode Team",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.rockwellautomation.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02027",
  "openTime": "2015-03-27",
  "patchDescription": "FactoryTalk Services Platform\u4e3aFactoryTalk\u7cfb\u7edf\u4e2d\u7684\u4ea7\u54c1\u548c\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5e38\u89c4. \u670d\u52a1\uff08\u5982\u8bca\u65ad\u4fe1\u606f\u3001\u5065\u5eb7\u76d1\u89c6\u670d\u52a1\u548c\u5b9e\u65f6\u6570\u636e\u8bbf\u95ee\uff09\u3002FactoryTalk View Studio \u662f\u7528\u4e8e\u5f00\u53d1\u6216\u6d4b\u8bd5\u673a\u5668\u7ea7\u6216\u8005\u76d1\u63a7\u7ba1\u7406\u7ea7\u4eba\u673a\u4ea4\u4e92\u754c\u9762(HMI)\u5e94\u7528\u9879\u76ee\u7684\u7ec4\u6001\u8f6f\u4ef6\u3002 \r\n\r\n\u591a\u4e2aRockwell Automation\u4ea7\u54c1DLL\u52a0\u8f7d\u5b58\u5728\u591a\u4e2a\u672c\u5730\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4e0e\u7cfb\u7edf\u7279\u6743\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aRockwell Automation\u4ea7\u54c1DLL\u52a0\u8f7d\u5b58\u5728\u591a\u4e2a\u672c\u5730\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rockwell Automation FactoryTalk Services Platform \u003c 2.71.00",
      "Rockwell Automation FactoryTalk View Studio \u003c= 8.00.00"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/73247",
  "serverity": "\u4e2d",
  "submitTime": "2015-03-26",
  "title": "\u591a\u4e2aRockwell Automation\u4ea7\u54c1DLL\u52a0\u8f7d\u5b58\u5728\u591a\u4e2a\u672c\u5730\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-9209 (GCVE-0-2014-9209)

VAR-201503-0335

GHSA-C55R-PFVH-5V9W

ICSA-15-062-02

GSD-2014-9209

FKIE_CVE-2014-9209

CNVD-2015-02027

Tags

Sightings

Nomenclature