Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9190

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-9190
Last Modified 12 Jan 2015 04:34:14
Published 09 Jan 2015 09:59:33
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9190

Summary

Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.

Vulnerable Systems

Application

  • Schneider-electric Wonderware Intouch Access Anywhere Server 10.6

  • Schneider-electric Wonderware Intouch Access Anywhere Server 11.0


References

MISC - https://ics-cert.us-cert.gov/advisories/ICSA-15-008-02

CONFIRM - https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000104.pdf


Last Updated: 27 May 2016 11:07:29