CVE-2015-0980
SCADA Engine BACnet OPC Server < 2.1.359.22 - Remote Code Execution via Format String Specifiers
Title source: llmDescription
Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-069-03
Scores
EPSS
0.0362
EPSS Percentile
88.1%
Details
CWE
CWE-20
Status
published
Products (1)
scadaengine/bacnet_opc_server
< 2.1.359.22
Published
Mar 14, 2015
Tracked Since
Feb 18, 2026