VAR-201503-0335
Vulnerability from variot - Updated: 2023-12-18 13:34Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlLocal users can detect Trojans in unspecified directories DLL You may get permission through. The FactoryTalk Services Platform provides routine services (such as diagnostics, health monitoring services, and real-time data access) for products and applications in the FactoryTalk system. FactoryTalk View Studio is a configuration software for developing or testing machine-level or monitoring management-level Human Machine Interface (HMI) applications. Multiple native code execution vulnerabilities exist in multiple Rockwell Automation product DLL loads. An attacker can exploit arbitrary exploits and system privileges to execute arbitrary code. Failed attempts may lead to denial-of-service conditions. The following products are affected: FactoryTalk Services Platform prior to 2.71.00 FactoryTalk View Studio versions 8.00.00 and prior. A local attacker can use the Trojan horse DLL file to exploit this vulnerability to gain permissions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "factorytalk view studio",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "8.00.00"
},
{
"model": "factorytalk services platform",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "2.70.00"
},
{
"model": "factorytalk services platform",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "2.71.00"
},
{
"model": "factorytalk view studio",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "8.00.00"
},
{
"model": "automation factorytalk services platform",
"scope": "lt",
"trust": 0.6,
"vendor": "rockwell",
"version": "2.71.00"
},
{
"model": "automation factorytalk view studio",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=8.00.00"
},
{
"model": "factorytalk services platform",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "2.70.00"
},
{
"model": "factorytalk view studio",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "8.00.00"
},
{
"model": "automation factorytalk view studio",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "8.00.00"
},
{
"model": "automation factorytalk services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk services platform",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "2.71.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "factorytalk services platform",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "factorytalk view studio",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02027"
},
{
"db": "BID",
"id": "73247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008004"
},
{
"db": "NVD",
"id": "CVE-2014-9209"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-437"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.70.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_view_studio:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.00.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9209"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Sanchez of NullCode, and Evilcode Team.",
"sources": [
{
"db": "BID",
"id": "73247"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-437"
}
],
"trust": 0.9
},
"cve": "CVE-2014-9209",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-9209",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2015-02027",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-77154",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9209",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-02027",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-437",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77154",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02027"
},
{
"db": "VULHUB",
"id": "VHN-77154"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008004"
},
{
"db": "NVD",
"id": "CVE-2014-9209"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-437"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlLocal users can detect Trojans in unspecified directories DLL You may get permission through. The FactoryTalk Services Platform provides routine services (such as diagnostics, health monitoring services, and real-time data access) for products and applications in the FactoryTalk system. FactoryTalk View Studio is a configuration software for developing or testing machine-level or monitoring management-level Human Machine Interface (HMI) applications. Multiple native code execution vulnerabilities exist in multiple Rockwell Automation product DLL loads. An attacker can exploit arbitrary exploits and system privileges to execute arbitrary code. Failed attempts may lead to denial-of-service conditions. \nThe following products are affected:\nFactoryTalk Services Platform prior to 2.71.00\nFactoryTalk View Studio versions 8.00.00 and prior. A local attacker can use the Trojan horse DLL file to exploit this vulnerability to gain permissions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9209"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008004"
},
{
"db": "CNVD",
"id": "CNVD-2015-02027"
},
{
"db": "BID",
"id": "73247"
},
{
"db": "IVD",
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-77154"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9209",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-062-02",
"trust": 2.8
},
{
"db": "BID",
"id": "73247",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201503-437",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-02027",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008004",
"trust": 0.8
},
{
"db": "IVD",
"id": "99EB7BCA-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77154",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02027"
},
{
"db": "VULHUB",
"id": "VHN-77154"
},
{
"db": "BID",
"id": "73247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008004"
},
{
"db": "NVD",
"id": "CVE-2014-9209"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-437"
}
]
},
"id": "VAR-201503-0335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02027"
},
{
"db": "VULHUB",
"id": "VHN-77154"
}
],
"trust": 1.43055555
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02027"
}
]
},
"last_update_date": "2023-12-18T13:34:30.095000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Rockwell Software",
"trust": 0.8,
"url": "http://www.rockwellautomation.com/rockwellsoftware/overview.page?"
},
{
"title": "Multiple Rockwell Automation product DLLs load patches with multiple native code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/56682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008004"
},
{
"db": "NVD",
"id": "CVE-2014-9209"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-062-02"
},
{
"trust": 1.7,
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/73247"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9209"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9209"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02027"
},
{
"db": "VULHUB",
"id": "VHN-77154"
},
{
"db": "BID",
"id": "73247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008004"
},
{
"db": "NVD",
"id": "CVE-2014-9209"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-437"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02027"
},
{
"db": "VULHUB",
"id": "VHN-77154"
},
{
"db": "BID",
"id": "73247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008004"
},
{
"db": "NVD",
"id": "CVE-2014-9209"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-437"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-28T00:00:00",
"db": "IVD",
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02027"
},
{
"date": "2015-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-77154"
},
{
"date": "2015-03-20T00:00:00",
"db": "BID",
"id": "73247"
},
{
"date": "2015-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008004"
},
{
"date": "2015-03-31T01:59:19.783000",
"db": "NVD",
"id": "CVE-2014-9209"
},
{
"date": "2015-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-437"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02027"
},
{
"date": "2015-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-77154"
},
{
"date": "2015-03-20T00:00:00",
"db": "BID",
"id": "73247"
},
{
"date": "2015-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008004"
},
{
"date": "2015-03-31T17:02:49.090000",
"db": "NVD",
"id": "CVE-2014-9209"
},
{
"date": "2015-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-437"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "73247"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-437"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation FactoryTalk Services Platform and FactoryTalk View Studio of Clean Utility Application vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "99eb7bca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-437"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…