Search Results (Refine Search)
- Keyword (text search): OPC
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-5158 |
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block. Published: April 11, 2016; 9:59:20 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-0994 |
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Published: March 12, 2016; 10:59:14 AM -0500 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2015-8277 |
Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a. Published: February 23, 2016; 10:59:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2015-7917 |
Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Published: December 22, 2015; 10:59:04 PM -0500 |
V3.0: 7.2 HIGH V2.0: 6.9 MEDIUM |
CVE-2015-6460 |
Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0. Published: September 18, 2015; 6:59:08 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-3239 |
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. Published: August 26, 2015; 3:59:04 PM -0400 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2014-9204 |
Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file. Published: May 16, 2015; 9:59:00 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2015-0992 |
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Published: April 03, 2015; 6:59:14 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-1351 |
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: March 30, 2015; 6:59:07 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0999 |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file. Published: March 29, 2015; 6:59:08 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-0981 |
The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. Published: March 13, 2015; 9:59:13 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0980 |
Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request. Published: March 13, 2015; 9:59:12 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2015-0979 |
Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet. Published: March 13, 2015; 9:59:11 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2014-100014 |
Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000. Published: January 13, 2015; 10:59:03 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-5426 |
MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message. Published: November 27, 2014; 10:59:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-5503 |
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode. Published: October 07, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-5502 |
The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode. Published: October 07, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2014-3529 |
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: September 04, 2014; 1:55:05 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-5160 |
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design. Published: August 01, 2014; 7:13:09 AM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2014-0777 |
The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet. Published: April 11, 2014; 12:55:03 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |