CVE-2015-3940 - Multistory Tropicbird

Description

Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-15-169-02 http://iom.invensys.com/EN/pdfLibrary/Security_Bulletin_LFSEC00000106.pdf http://www.securityfocus.com/bid/75297 http://www.securitytracker.com/id/1033180 http://www.securitytracker.com/id/1033179