var-201402-0350
Vulnerability from variot
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file.The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric OPC Factory Server (OFS) is a set of data communication editing software of French Schneider Electric (Schneider Electric). The software supports important information access, open page design, transparent architecture and interoperability, etc., enabling users to obtain good process and communication effects. The following versions are affected: Schneider Electric OFS TLXCDSUOFS33 - version 3.35, TLXCDSTOFS33 - version 3.35, TLXCDLUOFS33 - version 3.35, TLXCDLTOFS33 - version 3.35, TLXCDLFOFS33 - version 3.35
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "opc factory server",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdsuofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdstofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdlfofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdltofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdluofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdlfofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdltofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdluofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdstofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdsuofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "opc factory server",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"_id": null,
"model": "electric opc factory server",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdlfofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdltofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdluofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdstofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdsuofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdlfofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdltofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdluofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdstofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdsuofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server",
"version": "3.35"
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:opc_factory_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdlfofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdltofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdluofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdstofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdsuofs33",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
}
]
},
"credits": {
"_id": null,
"data": "0x7A240E67",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-054"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0774",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2014-0774",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CVE-2014-0774",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2014-01433",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-68267",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0774",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0774",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2014-0774",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01433",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-480",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68267",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"description": {
"_id": null,
"data": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file.The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric OPC Factory Server (OFS) is a set of data communication editing software of French Schneider Electric (Schneider Electric). The software supports important information access, open page design, transparent architecture and interoperability, etc., enabling users to obtain good process and communication effects. The following versions are affected: Schneider Electric OFS TLXCDSUOFS33 - version 3.35, TLXCDSTOFS33 - version 3.35, TLXCDLUOFS33 - version 3.35, TLXCDLTOFS33 - version 3.35, TLXCDLFOFS33 - version 3.35",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "BID",
"id": "65871"
},
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68267"
}
],
"trust": 3.33
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0774",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-058-02",
"trust": 2.5
},
{
"db": "BID",
"id": "65871",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-01433",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1881",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-054",
"trust": 0.7
},
{
"db": "IVD",
"id": "301BDA5E-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68267",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "BID",
"id": "65871"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"id": "VAR-201402-0350",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
}
],
"trust": 1.7333333333333334
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
}
]
},
"last_update_date": "2024-11-23T23:02:50.131000Z",
"patch": {
"_id": null,
"data": [
{
"title": "SEVD 2014-031-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"title": "Patch for Schneider Electric OPC Factory Server Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/44015"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.2,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-058-02"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-031-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0774"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65871"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0774"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "BID",
"id": "65871"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-054",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-01433",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-68267",
"ident": null
},
{
"db": "BID",
"id": "65871",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0774",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-03-05T00:00:00",
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-054",
"ident": null
},
{
"date": "2014-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01433",
"ident": null
},
{
"date": "2014-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68267",
"ident": null
},
{
"date": "2014-02-27T00:00:00",
"db": "BID",
"id": "65871",
"ident": null
},
{
"date": "2014-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"ident": null
},
{
"date": "2014-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-480",
"ident": null
},
{
"date": "2014-02-28T06:18:54.277000",
"db": "NVD",
"id": "CVE-2014-0774",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-054",
"ident": null
},
{
"date": "2014-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01433",
"ident": null
},
{
"date": "2015-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-68267",
"ident": null
},
{
"date": "2014-08-01T00:02:00",
"db": "BID",
"id": "65871",
"ident": null
},
{
"date": "2014-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"ident": null
},
{
"date": "2014-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-480",
"ident": null
},
{
"date": "2024-11-21T02:02:47.127000",
"db": "NVD",
"id": "CVE-2014-0774",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "BID",
"id": "65871"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Schneider Electric OPC Factory Server of C++ Sample client stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.