|CVSS SCORE||6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)|
VisiLogic OPLC IDE
The specific flaw exists within processing of the PostDataB and FirewallDataB properties of the IPWorksSSL.HTTPS.1 ActiveX control. Both properties take a value from the script and treat it as the address of a SafeArray and then process information from the SafeArray structure. An attacker can leverage this type confusion to execute arbitrary code under the context of the process.
Unitronics has issued an update to correct this vulnerability. More details can be found at:
https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02 Unitronics has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Andrea Micalizzi (rgod)