CVE-2014-0774

Schneider Electric OFS Stack Buffer Overflow

CVSS 6.8 EPSS 0.5%CWE-121

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.8EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

28 Feb 2014Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.

AV:L/AC:L/Au:S/C:C/I:C/A:C

Affected products

Schneider Electric · TLXCDLFOFS33 Schneider Electric · TLXCDLTOFS33 Schneider Electric · TLXCDLUOFS33 Schneider Electric · TLXCDSTOFS33 Schneider Electric · TLXCDSUOFS33

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01 http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02 https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01 https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02 http://www.securityfocus.com/bid/65871