Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0779

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-0779
Last Modified 14 Mar 2014 01:37:49
Published 14 Mar 2014 06:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0779

Summary

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).

Vulnerable Systems

Application

  • Schneider-electric Clearscada 2010

  • Schneider-electric Scada Expert Clearscada 2013


References

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01

CONFIRM - http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01


Last Updated: 27 May 2016 11:04:40