ID

VAR-201402-0350


CVE

CVE-2014-0774


TITLE

Stack-based buffer overflow vulnerability in the C++ sample client of Schneider Electric OPC Factory Server

Trust: 0.8

sources: JVNDB: JVNDB-2014-001524

DESCRIPTION

Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file. The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric OPC Factory Server (OFS) is a data communication editing software suite from the French company Schneider Electric. The software supports important information access, open page design, transparent architecture and interoperability, enabling users to obtain good process and communication effects. The following versions are affected: Schneider Electric OFS TLXCDSUOFS33 - version 3.35, TLXCDSTOFS33 - version 3.35, TLXCDLUOFS33 - version 3.35, TLXCDLTOFS33 - version 3.35, TLXCDLFOFS33 - version 3.35

Trust: 3.33

sources: NVD: CVE-2014-0774 // JVNDB: JVNDB-2014-001524 // ZDI: ZDI-14-054 // CNVD: CNVD-2014-01433 // BID: 65871 // IVD: 301bda5e-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68267

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: 301bda5e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01433

AFFECTED PRODUCTS

vendor: schneider electric | model: opc factory server | scope: eq | version: 3.35

Trust: 2.4

vendor: schneider electric | model: ofs test client tlxcdsuofs33 | scope: eq | version: 3.35

Trust: 1.6

vendor: schneider electric | model: ofs test client tlxcdstofs33 | scope: eq | version: 3.35

Trust: 1.6

vendor: schneider electric | model: ofs test client tlxcdlfofs33 | scope: eq | version: 3.35

Trust: 1.6

vendor: schneider electric | model: ofs test client tlxcdltofs33 | scope: eq | version: 3.35

Trust: 1.6

vendor: schneider electric | model: ofs test client tlxcdluofs33 | scope: eq | version: 3.35

Trust: 1.6

vendor: schneider electric | model: tlxcdlfofs33 | scope: eq | version: 3.35

Trust: 0.8

vendor: schneider electric | model: tlxcdltofs33 | scope: eq | version: 3.35

Trust: 0.8

vendor: schneider electric | model: tlxcdluofs33 | scope: eq | version: 3.35

Trust: 0.8

vendor: schneider electric | model: tlxcdstofs33 | scope: eq | version: 3.35

Trust: 0.8

vendor: schneider electric | model: tlxcdsuofs33 | scope: eq | version: 3.35

Trust: 0.8

vendor: schneider electric | model: opc factory server | scope: - | version: -

Trust: 0.7

vendor: schneider | model: electric opc factory server | scope: eq | version: 3.35

Trust: 0.6

vendor: schneider | model: electric ofs test client tlxcdlfofs33 | scope: eq | version: 3.35

Trust: 0.6

vendor: schneider | model: electric ofs test client tlxcdltofs33 | scope: eq | version: 3.35

Trust: 0.6

vendor: schneider | model: electric ofs test client tlxcdluofs33 | scope: eq | version: 3.35

Trust: 0.6

vendor: schneider | model: electric ofs test client tlxcdstofs33 | scope: eq | version: 3.35

Trust: 0.6

vendor: schneider | model: electric ofs test client tlxcdsuofs33 | scope: eq | version: 3.35

Trust: 0.6

vendor: ofs test client tlxcdlfofs33 | model: - | scope: eq | version: 3.35

Trust: 0.2

vendor: ofs test client tlxcdltofs33 | model: - | scope: eq | version: 3.35

Trust: 0.2

vendor: ofs test client tlxcdluofs33 | model: - | scope: eq | version: 3.35

Trust: 0.2

vendor: ofs test client tlxcdstofs33 | model: - | scope: eq | version: 3.35

Trust: 0.2

vendor: ofs test client tlxcdsuofs33 | model: - | scope: eq | version: 3.35

Trust: 0.2

vendor: opc factory server | model: - | scope: eq | version: 3.35

Trust: 0.2

sources: IVD: 301bda5e-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-054 // CNVD: CNVD-2014-01433 // JVNDB: JVNDB-2014-001524 // CNNVD: CNNVD-201402-480 // NVD: CVE-2014-0774

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0774
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0774
value: MEDIUM

Trust: 0.8

ZDI: CVE-2014-0774
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2014-01433
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-480
value: MEDIUM

Trust: 0.6

IVD: 301bda5e-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-68267
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0774
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2014-0774
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2014-01433
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 301bda5e-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-68267
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 301bda5e-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-054 // CNVD: CNVD-2014-01433 // VULHUB: VHN-68267 // JVNDB: JVNDB-2014-001524 // CNNVD: CNNVD-201402-480 // NVD: CVE-2014-0774

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-68267 // JVNDB: JVNDB-2014-001524 // NVD: CVE-2014-0774

THREAT TYPE

local

Trust: 0.9

sources: BID: 65871 // CNNVD: CNNVD-201402-480

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 301bda5e-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201402-480

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001524

PATCH

title: SEVD 2014-031-01 | url: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01

Trust: 0.8

title: Schneider Electric has issued an update to correct this vulnerability. | url: http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02

Trust: 0.7

title: Patch for Schneider Electric OPC Factory Server Privilege Escalation Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/44015

Trust: 0.6

sources: ZDI: ZDI-14-054 // CNVD: CNVD-2014-01433 // JVNDB: JVNDB-2014-001524

EXTERNAL IDS

db: NVD | id: CVE-2014-0774

Trust: 4.3

db: ICS CERT | id: ICSA-14-058-02

Trust: 2.5

db: BID | id: 65871

Trust: 1.4

db: CNNVD | id: CNNVD-201402-480

Trust: 0.9

db: CNVD | id: CNVD-2014-01433

Trust: 0.8

db: JVNDB | id: JVNDB-2014-001524

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-1881

Trust: 0.7

db: ZDI | id: ZDI-14-054

Trust: 0.7

db: IVD | id: 301BDA5E-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB | id: VHN-68267

Trust: 0.1

sources: IVD: 301bda5e-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-054 // CNVD: CNVD-2014-01433 // VULHUB: VHN-68267 // BID: 65871 // JVNDB: JVNDB-2014-001524 // CNNVD: CNNVD-201402-480 // NVD: CVE-2014-0774

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-14-058-02

Trust: 3.2

url:http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-031-01

Trust: 1.7

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0774

Trust: 1.4

url:http://www.securityfocus.com/bid/65871

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0774

Trust: 0.8

url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true

Trust: 0.3

sources: ZDI: ZDI-14-054 // CNVD: CNVD-2014-01433 // VULHUB: VHN-68267 // BID: 65871 // JVNDB: JVNDB-2014-001524 // CNNVD: CNNVD-201402-480 // NVD: CVE-2014-0774

CREDITS

0x7A240E67

Trust: 0.7

sources: ZDI: ZDI-14-054

SOURCES

db: IVD | id: 301bda5e-2352-11e6-abef-000c29c66e3d
db: ZDI | id: ZDI-14-054
db: CNVD | id: CNVD-2014-01433
db: VULHUB | id: VHN-68267
db: BID | id: 65871
db: JVNDB | id: JVNDB-2014-001524
db: CNNVD | id: CNNVD-201402-480
db: NVD | id: CVE-2014-0774

LAST UPDATE DATE

2024-11-23T23:02:50.131000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-14-054 | date: 2014-04-03T00:00:00
db: CNVD | id: CNVD-2014-01433 | date: 2014-03-05T00:00:00
db: VULHUB | id: VHN-68267 | date: 2015-10-16T00:00:00
db: BID | id: 65871 | date: 2014-08-01T00:02:00
db: JVNDB | id: JVNDB-2014-001524 | date: 2014-03-03T00:00:00
db: CNNVD | id: CNNVD-201402-480 | date: 2014-03-03T00:00:00
db: NVD | id: CVE-2014-0774 | date: 2024-11-21T02:02:47.127

SOURCES RELEASE DATE

db: IVD | id: 301bda5e-2352-11e6-abef-000c29c66e3d | date: 2014-03-05T00:00:00
db: ZDI | id: ZDI-14-054 | date: 2014-04-03T00:00:00
db: CNVD | id: CNVD-2014-01433 | date: 2014-03-05T00:00:00
db: VULHUB | id: VHN-68267 | date: 2014-02-28T00:00:00
db: BID | id: 65871 | date: 2014-02-27T00:00:00
db: JVNDB | id: JVNDB-2014-001524 | date: 2014-03-03T00:00:00
db: CNNVD | id: CNNVD-201402-480 | date: 2014-02-28T00:00:00
db: NVD | id: CVE-2014-0774 | date: 2014-02-28T06:18:54.277