Details of VAR-201503-0335

ID

VAR-201503-0335

CVE

CVE-2014-9209

TITLE

Rockwell Automation FactoryTalk Services Platform and FactoryTalk View Studio of Clean Utility Application vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-008004

DESCRIPTION

Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlLocal users can detect Trojans in unspecified directories DLL You may get permission through. The FactoryTalk Services Platform provides routine services (such as diagnostics, health monitoring services, and real-time data access) for products and applications in the FactoryTalk system. FactoryTalk View Studio is a configuration software for developing or testing machine-level or monitoring management-level Human Machine Interface (HMI) applications. Multiple native code execution vulnerabilities exist in multiple Rockwell Automation product DLL loads. An attacker can exploit arbitrary exploits and system privileges to execute arbitrary code. Failed attempts may lead to denial-of-service conditions. The following products are affected: FactoryTalk Services Platform prior to 2.71.00 FactoryTalk View Studio versions 8.00.00 and prior. A local attacker can use the Trojan horse DLL file to exploit this vulnerability to gain permissions

Trust: 2.7

sources: NVD: CVE-2014-9209 // JVNDB: JVNDB-2014-008004 // CNVD: CNVD-2015-02027 // BID: 73247 // IVD: 99eb7bca-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-77154

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 99eb7bca-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02027

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	factorytalk view studio	scope:	lte	version:	8.00.00	Trust: 1.0
vendor:	rockwellautomation	model:	factorytalk services platform	scope:	lte	version:	2.70.00	Trust: 1.0
vendor:	rockwell automation	model:	factorytalk services platform	scope:	lt	version:	2.71.00	Trust: 0.8
vendor:	rockwell automation	model:	factorytalk view studio	scope:	lte	version:	8.00.00	Trust: 0.8
vendor:	rockwell	model:	automation factorytalk services platform	scope:	lt	version:	2.71.00	Trust: 0.6
vendor:	rockwell	model:	automation factorytalk view studio	scope:	lte	version:	<=8.00.00	Trust: 0.6
vendor:	rockwellautomation	model:	factorytalk services platform	scope:	eq	version:	2.70.00	Trust: 0.6
vendor:	rockwellautomation	model:	factorytalk view studio	scope:	eq	version:	8.00.00	Trust: 0.6
vendor:	rockwell	model:	automation factorytalk view studio	scope:	eq	version:	8.00.00	Trust: 0.3
vendor:	rockwell	model:	automation factorytalk services platform	scope:	eq	version:	0	Trust: 0.3
vendor:	rockwell	model:	automation factorytalk services platform	scope:	ne	version:	2.71.00	Trust: 0.3
vendor:	factorytalk services platform	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	factorytalk view studio	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 99eb7bca-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02027 // BID: 73247 // JVNDB: JVNDB-2014-008004 // CNNVD: CNNVD-201503-437 // NVD: CVE-2014-9209

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9209
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-9209
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-02027
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201503-437
value:	MEDIUM
Trust: 0.6
IVD:	99eb7bca-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-77154
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-9209
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-02027
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	99eb7bca-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-77154
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 99eb7bca-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02027 // VULHUB: VHN-77154 // JVNDB: JVNDB-2014-008004 // CNNVD: CNNVD-201503-437 // NVD: CVE-2014-9209

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-008004 // NVD: CVE-2014-9209

THREAT TYPE

local

Trust: 0.9

sources: BID: 73247 // CNNVD: CNNVD-201503-437

TYPE

Input validation

Trust: 0.8

sources: IVD: 99eb7bca-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201503-437

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008004

PATCH

title:	Rockwell Software	url:	http://www.rockwellautomation.com/rockwellsoftware/overview.page?	Trust: 0.8
title:	Multiple Rockwell Automation product DLLs load patches with multiple native code execution vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/56682	Trust: 0.6

sources: CNVD: CNVD-2015-02027 // JVNDB: JVNDB-2014-008004

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9209	Trust: 3.6
db:	ICS CERT	id:	ICSA-15-062-02	Trust: 2.8
db:	BID	id:	73247	Trust: 1.6
db:	CNNVD	id:	CNNVD-201503-437	Trust: 0.9
db:	CNVD	id:	CNVD-2015-02027	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-008004	Trust: 0.8
db:	IVD	id:	99EB7BCA-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-77154	Trust: 0.1

sources: IVD: 99eb7bca-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-02027 // VULHUB: VHN-77154 // BID: 73247 // JVNDB: JVNDB-2014-008004 // CNNVD: CNNVD-201503-437 // NVD: CVE-2014-9209

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-062-02	Trust: 2.8
url:	https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323	Trust: 1.7
url:	http://www.securityfocus.com/bid/73247	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9209	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9209	Trust: 0.8
url:	http://www.rockwellautomation.com/	Trust: 0.3

sources: CNVD: CNVD-2015-02027 // VULHUB: VHN-77154 // BID: 73247 // JVNDB: JVNDB-2014-008004 // CNNVD: CNNVD-201503-437 // NVD: CVE-2014-9209

CREDITS

Ivan Sanchez of NullCode, and Evilcode Team.

Trust: 0.9

sources: BID: 73247 // CNNVD: CNNVD-201503-437

SOURCES

db:	IVD	id:	99eb7bca-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-02027
db:	VULHUB	id:	VHN-77154
db:	BID	id:	73247
db:	JVNDB	id:	JVNDB-2014-008004
db:	CNNVD	id:	CNNVD-201503-437
db:	NVD	id:	CVE-2014-9209

LAST UPDATE DATE

2025-04-13T23:09:56.119000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02027	date:	2015-03-28T00:00:00
db:	VULHUB	id:	VHN-77154	date:	2015-03-31T00:00:00
db:	BID	id:	73247	date:	2015-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-008004	date:	2015-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201503-437	date:	2015-03-31T00:00:00
db:	NVD	id:	CVE-2014-9209	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	99eb7bca-2351-11e6-abef-000c29c66e3d	date:	2015-03-28T00:00:00
db:	CNVD	id:	CNVD-2015-02027	date:	2015-03-27T00:00:00
db:	VULHUB	id:	VHN-77154	date:	2015-03-31T00:00:00
db:	BID	id:	73247	date:	2015-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-008004	date:	2015-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201503-437	date:	2015-03-24T00:00:00
db:	NVD	id:	CVE-2014-9209	date:	2015-03-31T01:59:19.783