CVE-2014-0774

Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
schneider-electricofs_test_client_tlxcdlfofs33
3.35
schneider-electricofs_test_client_tlxcdltofs33
3.35
schneider-electricofs_test_client_tlxcdluofs33
3.35
schneider-electricofs_test_client_tlxcdstofs33
3.35
schneider-electricofs_test_client_tlxcdsuofs33
3.35
schneider-electricopc_factory_server
3.35
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02
http://www.securityfocus.com/bid/65871
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02
http://www.securityfocus.com/bid/65871