Details of VAR-201502-0244

ID

VAR-201502-0244

CVE

CVE-2014-9200

TITLE

plural Schneider Electric Product DTM Unspecified development kit DLL File stack-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007827

DESCRIPTION

Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. The control does not check the length of an attacker-supplied string in the RemoveParameter method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric Unity Pro, etc. are all products of French Schneider Electric (Schneider Electric). Schneider Electric Unity Pro is a set of development software for testing, debugging and managing applications; SoMachine is a set of original equipment manufacturer (OEM) automation platform integrated with Vijeo-Designer (human machine interface HMI development software); SoMove is a Installation software for motor control equipment

Trust: 3.33

sources: NVD: CVE-2014-9200 // JVNDB: JVNDB-2014-007827 // ZDI: ZDI-15-040 // CNVD: CNVD-2015-00775 // BID: 72335 // IVD: a52677d8-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-77145

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a52677d8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00775

AFFECTED PRODUCTS

vendor:	schneider electric	model:	somachine	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	somove lite	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	somove	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	somove lite	scope:	-	version:	-	Trust: 1.5
vendor:	schneider electric	model:	somachine	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	somove	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	unity pro	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric unity pro	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric somachine	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric somove lite	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric somove	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modbus communication library	scope:	lte	version:	<=2.2.6	Trust: 0.6
vendor:	schneider	model:	electric canopen communication library	scope:	lte	version:	<=1.0.2	Trust: 0.6
vendor:	schneider	model:	electric ethernet/ip communication librar	scope:	lte	version:	<=1.0.0	Trust: 0.6
vendor:	schneider	model:	electric xantrex dtms	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric solo dtm	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric advantys dtms	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric em gateway dtm	scope:	eq	version:	x80	Trust: 0.6
vendor:	somachine	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	somove	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	somove lite	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	unity pro	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: a52677d8-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-040 // CNVD: CNVD-2015-00775 // JVNDB: JVNDB-2014-007827 // CNNVD: CNNVD-201502-005 // NVD: CVE-2014-9200

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9200
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9200
value:	HIGH
Trust: 0.8
ZDI:	CVE-2014-9200
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2015-00775
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201502-005
value:	HIGH
Trust: 0.6
IVD:	a52677d8-2351-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-77145
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-9200
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.5
CNVD:	CNVD-2015-00775
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a52677d8-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-77145
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: a52677d8-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-040 // CNVD: CNVD-2015-00775 // VULHUB: VHN-77145 // JVNDB: JVNDB-2014-007827 // CNNVD: CNNVD-201502-005 // NVD: CVE-2014-9200

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-77145 // JVNDB: JVNDB-2014-007827 // NVD: CVE-2014-9200

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-005

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: a52677d8-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201502-005

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007827

PATCH

title:	SEVD-2015-009-01	url:	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01	Trust: 0.8
title:	Schneider Electric has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02	Trust: 0.7
title:	Patch for multiple Schneider Electric product stack buffer overflow vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/54843	Trust: 0.6
title:	FDT1 DLL Removal Patch	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53580	Trust: 0.6

sources: ZDI: ZDI-15-040 // CNVD: CNVD-2015-00775 // JVNDB: JVNDB-2014-007827 // CNNVD: CNNVD-201502-005

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9200	Trust: 4.3
db:	ICS CERT	id:	ICSA-15-027-02	Trust: 3.1
db:	BID	id:	72335	Trust: 2.0
db:	SCHNEIDER	id:	SEVD-2015-009-01	Trust: 1.7
db:	CNNVD	id:	CNNVD-201502-005	Trust: 0.9
db:	CNVD	id:	CNVD-2015-00775	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-007827	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2478	Trust: 0.7
db:	ZDI	id:	ZDI-15-040	Trust: 0.7
db:	IVD	id:	A52677D8-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-77145	Trust: 0.1

sources: IVD: a52677d8-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-040 // CNVD: CNVD-2015-00775 // VULHUB: VHN-77145 // BID: 72335 // JVNDB: JVNDB-2014-007827 // CNNVD: CNNVD-201502-005 // NVD: CVE-2014-9200

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-027-02	Trust: 3.8
url:	http://www.securityfocus.com/bid/72335	Trust: 1.7
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-009-01	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9200	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9200	Trust: 0.8
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: ZDI: ZDI-15-040 // CNVD: CNVD-2015-00775 // VULHUB: VHN-77145 // BID: 72335 // JVNDB: JVNDB-2014-007827 // CNNVD: CNNVD-201502-005 // NVD: CVE-2014-9200

CREDITS

Ariele Caltabiano (kimiya)

Trust: 1.0

sources: ZDI: ZDI-15-040 // BID: 72335

SOURCES

db:	IVD	id:	a52677d8-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-15-040
db:	CNVD	id:	CNVD-2015-00775
db:	VULHUB	id:	VHN-77145
db:	BID	id:	72335
db:	JVNDB	id:	JVNDB-2014-007827
db:	CNNVD	id:	CNNVD-201502-005
db:	NVD	id:	CVE-2014-9200

LAST UPDATE DATE

2024-11-23T22:49:23.948000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-040	date:	2015-02-10T00:00:00
db:	CNVD	id:	CNVD-2015-00775	date:	2015-02-02T00:00:00
db:	VULHUB	id:	VHN-77145	date:	2016-12-31T00:00:00
db:	BID	id:	72335	date:	2015-07-15T00:14:00
db:	JVNDB	id:	JVNDB-2014-007827	date:	2015-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201502-005	date:	2015-02-02T00:00:00
db:	NVD	id:	CVE-2014-9200	date:	2024-11-21T02:20:23.350

SOURCES RELEASE DATE

db:	IVD	id:	a52677d8-2351-11e6-abef-000c29c66e3d	date:	2015-02-02T00:00:00
db:	ZDI	id:	ZDI-15-040	date:	2015-02-10T00:00:00
db:	CNVD	id:	CNVD-2015-00775	date:	2015-01-30T00:00:00
db:	VULHUB	id:	VHN-77145	date:	2015-02-01T00:00:00
db:	BID	id:	72335	date:	2015-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-007827	date:	2015-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201502-005	date:	2015-02-02T00:00:00
db:	NVD	id:	CVE-2014-9200	date:	2015-02-01T15:59:06.197