CVE-2015-0980

SCADA Engine BACnet OPC Server < 2.1.359.22 - Remote Code Execution via Format String Specifiers

Title source: llm
STIX 2.1

Description

Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-069-03

Scores

EPSS 0.0362
EPSS Percentile 88.1%

Details

CWE
CWE-20
Status published
Products (1)
scadaengine/bacnet_opc_server < 2.1.359.22
Published Mar 14, 2015
Tracked Since Feb 18, 2026