Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9206

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2014-9206
Last Modified 16 Mar 2015 10:01:18
Published 13 Mar 2015 09:59:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9206

Summary

Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file.

Vulnerable Systems

Application

  • Schneider-electric Device Type Manager 3.1.6


References

MISC - https://ics-cert.us-cert.gov/advisories/ICSA-15-055-03

CONFIRM - http://download.schneider-electric.com/files?p_File_Id=740491624&p_File_Name=SEVD-2015-050-01.pdf

CONFIRM - http://download.schneider-electric.com/files?p_File_Id=745435959&p_File_Name=SEVD-2015-050-01.pdf


Last Updated: 27 May 2016 11:08:05