CVE-2015-1006

moderate-risk
Published 2019-05-10

A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible.

Do I need to act?

-
0.86% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (6)

Optodatalink
Optoopcserver
Pac Display
Pac Display
Pac Project
Pac Project

Affected Vendors

Opto22

References (2)

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 13/34 · Low