{"api_version":"1","generated_at":"2026-04-23T18:34:39+00:00","cve":"CVE-2014-9209","urls":{"html":"https://cve.report/CVE-2014-9209","api":"https://cve.report/api/cve/CVE-2014-9209.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-9209","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-9209"},"summary":{"title":"CVE-2014-9209","description":"Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2015-03-31 01:59:00","updated_at":"2015-03-31 17:02:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323","name":"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323","refsource":"MISC","tags":[],"title":"This is the Legacy Answer page, redirecting you to the new page.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02","name":"https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Rockwell Automation FactoryTalk DLL Hijacking Vulnerabilities | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-9209","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9209","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"9209","vulnerable":"1","versionEndIncluding":"2.70.00","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rockwellautomation","cpe5":"factorytalk_services_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"9209","vulnerable":"1","versionEndIncluding":"8.00.00","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rockwellautomation","cpe5":"factorytalk_view_studio","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2014-9209","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323","refsource":"MISC","url":"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02"}]}},"nvd":{"publishedDate":"2015-03-31 01:59:00","lastModifiedDate":"2015-03-31 17:02:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rockwellautomation:factorytalk_view_studio:*:*:*:*:*:*:*:*","versionEndIncluding":"8.00.00","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"2.70.00","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"9209","Ordinal":"76628","Title":"CVE-2014-9209","CVE":"CVE-2014-9209","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"9209","Ordinal":"1","NoteData":"Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"9209","Ordinal":"2","NoteData":"2015-03-30","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"9209","Ordinal":"3","NoteData":"2015-03-30","Type":"Other","Title":"Modified"}]}}}