CVE-2014-9200

01.02.2015, 15:59

Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:P/I:P/A:P
icscert	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Vendor	Product	Version
schneider-electric	somachine	-
schneider-electric	somove	-
schneider-electric	somove_lite	-
schneider-electric	unity_pro	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01

http://www.securityfocus.com/bid/72335

https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01

http://www.securityfocus.com/bid/72335

https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02