CVE-2014-0774
Schneider Electric OPC Factory Server OFS Client Stack Buffer Overflow Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
Desbordamiento de buffer basado en pila en el cliente C++ de ejemplo en Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35 y TLXCDLFOFS33 - 3.35 permite a usuarios locales ganar privilegios a través de vectores involucrando un archivo de configuración malformado.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file.
The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-01-02 CVE Reserved
- 2014-02-28 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02 | Third Party Advisory | |
| http://www.securityfocus.com/bid/65871 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01 | 2015-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Ofs Test Client Tlxcdlfofs33 Search vendor "Schneider-electric" for product "Ofs Test Client Tlxcdlfofs33" | 3.35 Search vendor "Schneider-electric" for product "Ofs Test Client Tlxcdlfofs33" and version "3.35" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ofs Test Client Tlxcdltofs33 Search vendor "Schneider-electric" for product "Ofs Test Client Tlxcdltofs33" | 3.35 Search vendor "Schneider-electric" for product "Ofs Test Client Tlxcdltofs33" and version "3.35" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ofs Test Client Tlxcdluofs33 Search vendor "Schneider-electric" for product "Ofs Test Client Tlxcdluofs33" | 3.35 Search vendor "Schneider-electric" for product "Ofs Test Client Tlxcdluofs33" and version "3.35" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ofs Test Client Tlxcdstofs33 Search vendor "Schneider-electric" for product "Ofs Test Client Tlxcdstofs33" | 3.35 Search vendor "Schneider-electric" for product "Ofs Test Client Tlxcdstofs33" and version "3.35" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ofs Test Client Tlxcdsuofs33 Search vendor "Schneider-electric" for product "Ofs Test Client Tlxcdsuofs33" | 3.35 Search vendor "Schneider-electric" for product "Ofs Test Client Tlxcdsuofs33" and version "3.35" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Opc Factory Server Search vendor "Schneider-electric" for product "Opc Factory Server" | 3.35 Search vendor "Schneider-electric" for product "Opc Factory Server" and version "3.35" | - |
Affected
| ||||||