CVE-2014-0789

Schneider Electric OPC Factory Server Buffer Overflow

CVSS 5 EPSS 2.5%CWE-122

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5EPSS 2.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

04 abr 2014Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.

AV:N/AC:L/Au:N/C:N/I:N/A:P

Productos afectados

Schneider Electric · OPC Factory Server (OFS)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01 https://www.cisa.gov/news-events/ics-advisories/icsa-14-093-01 http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml