CVE-2014-0789 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
icscert	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Vendor	Product	Version
schneider-electric	opc_factory_server_tlxcdlfofs	𝑥 ≤ 3.35
schneider-electric	opc_factory_server_tlxcdltofs	𝑥 ≤ 3.35
schneider-electric	opc_factory_server_tlxcdluofs	𝑥 ≤ 3.35
schneider-electric	opc_factory_server_tlxcdstofs	𝑥 ≤ 3.35
schneider-electric	opc_factory_server_tlxcdsuofs	𝑥 ≤ 3.35

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml

http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page

https://www.cisa.gov/news-events/ics-advisories/icsa-14-093-01

http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01

http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml