Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0774

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2014-0774
Last Modified 03 Jun 2015 09:59:46
Published 28 Feb 2014 01:18:54
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0774

Summary

Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.

Vulnerable Systems

Application

  • Schneider-electric Ofs Test Client Tlxcdlfofs33 3.35

  • Schneider-electric Ofs Test Client Tlxcdltofs33 3.35

  • Schneider-electric Ofs Test Client Tlxcdluofs33 3.35

  • Schneider-electric Ofs Test Client Tlxcdstofs33 3.35

  • Schneider-electric Ofs Test Client Tlxcdsuofs33 3.35

  • Schneider-electric Opc Factory Server 3.35


References

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02

CONFIRM - http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01

BID - 65871


Last Updated: 27 May 2016 10:56:46