Vulnerabilities related to Schneider Electric - SoMachine
var-201502-0244
Vulnerability from variot
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. The control does not check the length of an attacker-supplied string in the RemoveParameter method before copying it into a fixed-length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric Unity Pro and the other listed products are all made by the French company Schneider Electric. Schneider Electric Unity Pro is a set of development software for testing, debugging and managing applications; SoMachine is an original equipment manufacturer (OEM) automation platform integrated with Vijeo-Designer (human-machine interface (HMI) development software); SoMove is installation software for motor control equipment.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0244", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "somachine", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": null }, { "model": "somove lite", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": null }, { "model": "unity pro", "scope": "eq", "trust": 1.6, 
"vendor": "schneider electric", "version": null }, { "model": "somove", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": null }, { "model": "somove lite", "scope": null, "trust": 1.5, "vendor": "schneider electric", "version": null }, { "model": "somachine", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "somove", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "unity pro", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "electric unity pro", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric somachine", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric somove lite", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric somove", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modbus communication library", "scope": "lte", "trust": 0.6, "vendor": "schneider", "version": "\u003c=2.2.6" }, { "model": "electric canopen communication library", "scope": "lte", "trust": 0.6, "vendor": "schneider", "version": "\u003c=1.0.2" }, { "model": "electric ethernet/ip communication librar", "scope": "lte", "trust": 0.6, "vendor": "schneider", "version": "\u003c=1.0.0" }, { "model": "electric xantrex dtms", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric solo dtm", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric advantys dtms", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric em gateway dtm", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "x80" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "somachine", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "somove", "version": null }, { 
"model": null, "scope": "eq", "trust": 0.2, "vendor": "somove lite", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "unity pro", "version": null } ], "sources": [ { "db": "IVD", "id": "a52677d8-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-15-040" }, { "db": "CNVD", "id": "CNVD-2015-00775" }, { "db": "JVNDB", "id": "JVNDB-2014-007827" }, { "db": "CNNVD", "id": "CNNVD-201502-005" }, { "db": "NVD", "id": "CVE-2014-9200" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:schneider_electric:somachine", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:somove", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:somove_lite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:unity_pro", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007827" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ariele Caltabiano (kimiya)", "sources": [ { "db": "ZDI", "id": "ZDI-15-040" }, { "db": "BID", "id": "72335" } ], "trust": 1.0 }, "cve": "CVE-2014-9200", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-9200", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2015-00775", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "a52677d8-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-77145", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-9200", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-9200", "trust": 0.8, "value": 
"High" }, { "author": "ZDI", "id": "CVE-2014-9200", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2015-00775", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201502-005", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "a52677d8-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-77145", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "a52677d8-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-15-040" }, { "db": "CNVD", "id": "CNVD-2015-00775" }, { "db": "VULHUB", "id": "VHN-77145" }, { "db": "JVNDB", "id": "JVNDB-2014-007827" }, { "db": "CNNVD", "id": "CNNVD-201502-005" }, { "db": "NVD", "id": "CVE-2014-9200" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. The control does not check the length of an attacker-supplied string in the RemoveParameter method before copying it into a fixed length buffer on the stack. 
This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric Unity Pro, etc. are all products of French Schneider Electric (Schneider Electric). Schneider Electric Unity Pro is a set of development software for testing, debugging and managing applications; SoMachine is a set of original equipment manufacturer (OEM) automation platform integrated with Vijeo-Designer (human machine interface HMI development software); SoMove is a Installation software for motor control equipment", "sources": [ { "db": "NVD", "id": "CVE-2014-9200" }, { "db": "JVNDB", "id": "JVNDB-2014-007827" }, { "db": "ZDI", "id": "ZDI-15-040" }, { "db": "CNVD", "id": "CNVD-2015-00775" }, { "db": "BID", "id": "72335" }, { "db": "IVD", "id": "a52677d8-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-77145" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-9200", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-15-027-02", "trust": 3.1 }, { "db": "BID", "id": "72335", "trust": 2.0 }, { "db": "SCHNEIDER", "id": "SEVD-2015-009-01", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201502-005", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2015-00775", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-007827", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2478", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-15-040", "trust": 0.7 }, { "db": "IVD", "id": "A52677D8-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-77145", "trust": 0.1 } ], "sources": 
[ { "db": "IVD", "id": "a52677d8-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-15-040" }, { "db": "CNVD", "id": "CNVD-2015-00775" }, { "db": "VULHUB", "id": "VHN-77145" }, { "db": "BID", "id": "72335" }, { "db": "JVNDB", "id": "JVNDB-2014-007827" }, { "db": "CNNVD", "id": "CNNVD-201502-005" }, { "db": "NVD", "id": "CVE-2014-9200" } ] }, "id": "VAR-201502-0244", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "a52677d8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-00775" }, { "db": "VULHUB", "id": "VHN-77145" } ], "trust": 1.84333333 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "a52677d8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-00775" } ] }, "last_update_date": "2024-11-23T22:49:23.948000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2015-009-01", "trust": 0.8, "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01" }, { "title": "Schneider Electric has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02" }, { "title": "Patch for multiple Schneider Electric product stack buffer overflow vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/54843" }, { "title": "FDT1 DLL Removal Patch", "trust": 0.6, "url": 
"http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53580" } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-040" }, { "db": "CNVD", "id": "CNVD-2015-00775" }, { "db": "JVNDB", "id": "JVNDB-2014-007827" }, { "db": "CNNVD", "id": "CNNVD-201502-005" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-77145" }, { "db": "JVNDB", "id": "JVNDB-2014-007827" }, { "db": "NVD", "id": "CVE-2014-9200" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-027-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/72335" }, { "trust": 1.7, "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-009-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9200" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9200" }, { "trust": 0.3, "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true" } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-040" }, { "db": "CNVD", "id": "CNVD-2015-00775" }, { "db": "VULHUB", "id": "VHN-77145" }, { "db": "BID", "id": "72335" }, { "db": "JVNDB", "id": "JVNDB-2014-007827" }, { "db": "CNNVD", "id": "CNNVD-201502-005" }, { "db": "NVD", "id": "CVE-2014-9200" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "a52677d8-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-15-040" }, { "db": "CNVD", "id": "CNVD-2015-00775" }, { "db": 
"VULHUB", "id": "VHN-77145" }, { "db": "BID", "id": "72335" }, { "db": "JVNDB", "id": "JVNDB-2014-007827" }, { "db": "CNNVD", "id": "CNNVD-201502-005" }, { "db": "NVD", "id": "CVE-2014-9200" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-02-02T00:00:00", "db": "IVD", "id": "a52677d8-2351-11e6-abef-000c29c66e3d" }, { "date": "2015-02-10T00:00:00", "db": "ZDI", "id": "ZDI-15-040" }, { "date": "2015-01-30T00:00:00", "db": "CNVD", "id": "CNVD-2015-00775" }, { "date": "2015-02-01T00:00:00", "db": "VULHUB", "id": "VHN-77145" }, { "date": "2015-01-09T00:00:00", "db": "BID", "id": "72335" }, { "date": "2015-02-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007827" }, { "date": "2015-02-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201502-005" }, { "date": "2015-02-01T15:59:06.197000", "db": "NVD", "id": "CVE-2014-9200" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-02-10T00:00:00", "db": "ZDI", "id": "ZDI-15-040" }, { "date": "2015-02-02T00:00:00", "db": "CNVD", "id": "CNVD-2015-00775" }, { "date": "2016-12-31T00:00:00", "db": "VULHUB", "id": "VHN-77145" }, { "date": "2015-07-15T00:14:00", "db": "BID", "id": "72335" }, { "date": "2015-02-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007827" }, { "date": "2015-02-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201502-005" }, { "date": "2024-11-21T02:20:23.350000", "db": "NVD", "id": "CVE-2014-9200" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201502-005" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Schneider Electric Product DTM Unspecified development kit DLL File stack-based buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007827" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "a52677d8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201502-005" } ], "trust": 0.8 } }
var-201704-1421
Vulnerability from variot
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. Because the key is fixed, the project password alone does not keep a project file confidential from anyone who can obtain the file. Schneider Electric SoMachine Basic and Modicon contain a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). SoMachine Basic is a programming and debugging interface for all components on the control platform; the Modicon TM221CE16R is a programmable controller. An attacker could exploit the vulnerability to open and modify protected project files with Schneider's products. A remote attacker may leverage this issue to gain root access to the affected system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1421", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "modicon tm221ce16r", "scope": "eq", "trust": 1.9, "vendor": "schneider electric", "version": "1.3.3.3" }, { "model": "somachine", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": "1.4" }, { "model": "modicon tm221ce16r", "scope": null, 
"trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "somachine", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "basic software" }, { "model": "electric modicon tm221ce16r", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "1.3.3.3" }, { "model": "electric somachine basic sp1", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "1.4" }, { "model": "somachine basic", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "1.5" }, { "model": "somachine basic sp1", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "1.4" }, { "model": "modicon m221", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "1.5.0.1" }, { "model": "modicon m221", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "1.5.0.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "modicon tm221ce16r", "version": "1.3.3.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "somachine", "version": "1.4" } ], "sources": [ { "db": "IVD", "id": "baed19f0-f146-47b4-be70-37b627575985" }, { "db": "CNVD", "id": "CNVD-2017-05014" }, { "db": "BID", "id": "97518" }, { "db": "JVNDB", "id": "JVNDB-2017-003056" }, { "db": "CNNVD", "id": "CNNVD-201704-273" }, { "db": "NVD", "id": "CVE-2017-7574" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:schneider_electric:modicon_tm221ce16r_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:somachine", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003056" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Simon Heming, Maik Br\u00fcggemann, Hendrik Schwartke, Ralf Spenneberg.", "sources": [ { "db": "BID", "id": "97518" } ], "trust": 0.3 }, "cve": "CVE-2017-7574", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-7574", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-05014", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": 
"baed19f0-f146-47b4-be70-37b627575985", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-115777", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-7574", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-7574", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-7574", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-7574", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2017-05014", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201704-273", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "baed19f0-f146-47b4-be70-37b627575985", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": 
"VHN-115777", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2017-7574", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "baed19f0-f146-47b4-be70-37b627575985" }, { "db": "CNVD", "id": "CNVD-2017-05014" }, { "db": "VULHUB", "id": "VHN-115777" }, { "db": "VULMON", "id": "CVE-2017-7574" }, { "db": "JVNDB", "id": "JVNDB-2017-003056" }, { "db": "CNNVD", "id": "CNNVD-201704-273" }, { "db": "NVD", "id": "CVE-2017-7574" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. Schneider Electric SoMachine Basic and Modicon Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The former is a programming and debugging interface for all components on the control platform; the latter is a programmable controller. An attacker could exploit the vulnerability to open and modify protected project files with Schneider\u0027s products. 
\nA remote attacker may leverage this issue to gain root access to the affected system", "sources": [ { "db": "NVD", "id": "CVE-2017-7574" }, { "db": "JVNDB", "id": "JVNDB-2017-003056" }, { "db": "CNVD", "id": "CNVD-2017-05014" }, { "db": "BID", "id": "97518" }, { "db": "IVD", "id": "baed19f0-f146-47b4-be70-37b627575985" }, { "db": "VULHUB", "id": "VHN-115777" }, { "db": "VULMON", "id": "CVE-2017-7574" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-7574", "trust": 3.7 }, { "db": "BID", "id": "97518", "trust": 3.5 }, { "db": "SCHNEIDER", "id": "SEVD-2017-097-01", "trust": 1.8 }, { "db": "ICS CERT", "id": "ICSA-17-103-02", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201704-273", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-05014", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-003056", "trust": 0.8 }, { "db": "IVD", "id": "BAED19F0-F146-47B4-BE70-37B627575985", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-115777", "trust": 0.1 }, { "db": "ICS CERT", "id": "ICSA-17-103-02A", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-7574", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "baed19f0-f146-47b4-be70-37b627575985" }, { "db": "CNVD", "id": "CNVD-2017-05014" }, { "db": "VULHUB", "id": "VHN-115777" }, { "db": "VULMON", "id": "CVE-2017-7574" }, { "db": "BID", "id": "97518" }, { "db": "JVNDB", "id": "JVNDB-2017-003056" }, { "db": "CNNVD", "id": "CNNVD-201704-273" }, { "db": "NVD", "id": "CVE-2017-7574" } ] }, "id": "VAR-201704-1421", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "baed19f0-f146-47b4-be70-37b627575985" }, { "db": "CNVD", 
"id": "CNVD-2017-05014" }, { "db": "VULHUB", "id": "VHN-115777" } ], "trust": 1.8444444333333334 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "baed19f0-f146-47b4-be70-37b627575985" }, { "db": "CNVD", "id": "CNVD-2017-05014" } ] }, "last_update_date": "2024-11-23T22:01:10.532000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2017-097-01", "trust": 0.8, "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-01" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003056" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-798", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-115777" }, { "db": "JVNDB", "id": "JVNDB-2017-003056" }, { "db": "NVD", "id": "CVE-2017-7574" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://os-s.net/advisories/oss-2017-02.pdf" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/97518" }, { "trust": 1.8, "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2017-097-01" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-103-02" }, { "trust": 0.8, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7574" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7574" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/97518/info" }, { "trust": 0.3, "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/798.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-103-02a" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-05014" }, { "db": "VULHUB", "id": "VHN-115777" }, { "db": "VULMON", "id": "CVE-2017-7574" }, { "db": "BID", "id": "97518" }, { "db": "JVNDB", "id": "JVNDB-2017-003056" }, { "db": "CNNVD", "id": "CNNVD-201704-273" }, { "db": "NVD", "id": "CVE-2017-7574" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "baed19f0-f146-47b4-be70-37b627575985" }, { "db": "CNVD", "id": "CNVD-2017-05014" }, { "db": "VULHUB", "id": "VHN-115777" }, { "db": "VULMON", "id": "CVE-2017-7574" }, { "db": "BID", "id": "97518" }, { "db": "JVNDB", "id": "JVNDB-2017-003056" }, { "db": "CNNVD", "id": "CNNVD-201704-273" }, { "db": "NVD", "id": "CVE-2017-7574" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-04-22T00:00:00", "db": "IVD", "id": "baed19f0-f146-47b4-be70-37b627575985" }, { "date": "2017-04-22T00:00:00", "db": "CNVD", "id": "CNVD-2017-05014" }, { "date": "2017-04-06T00:00:00", "db": "VULHUB", "id": "VHN-115777" }, { "date": "2017-04-06T00:00:00", "db": "VULMON", "id": "CVE-2017-7574" }, { "date": "2017-04-06T00:00:00", "db": "BID", "id": "97518" }, { "date": "2017-05-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-003056" }, { "date": "2017-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201704-273" }, { 
"date": "2017-04-06T21:59:00.307000", "db": "NVD", "id": "CVE-2017-7574" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-04-22T00:00:00", "db": "CNVD", "id": "CNVD-2017-05014" }, { "date": "2017-04-15T00:00:00", "db": "VULHUB", "id": "VHN-115777" }, { "date": "2021-08-23T00:00:00", "db": "VULMON", "id": "CVE-2017-7574" }, { "date": "2017-04-18T01:06:00", "db": "BID", "id": "97518" }, { "date": "2017-05-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-003056" }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201704-273" }, { "date": "2024-11-21T03:32:11.727000", "db": "NVD", "id": "CVE-2017-7574" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201704-273" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider Electric SoMachine Basic and Modicon Vulnerabilities related to the use of hard-coded credentials", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003056" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201704-273" } ], "trust": 0.6 } }
var-202004-1858
Vulnerability from variot
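A CWE-319 (Cleartext Transmission of Sensitive Information) vulnerability exists that could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. The Schneider Electric Modicon M218 Logic Controller and the other listed Modicon models are programmable logic controllers made by the French company Schneider Electric. Because the weakness lies in the traffic itself, the exposure applies wherever the path between the engineering software and a controller can be observed; the vendor advisory SEVD-2020-105-02 cited in the record below is the reference for remediation.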
Security vulnerabilities exist in multiple Schneider Electric products.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1858", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "somachine", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "somachine motion", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure machine expert", "scope": "eq", 
"trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m251", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m258", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m218", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m241", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure machine expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m218", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m241", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m251", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m258", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "somachine", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "somachine motion", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "electric modicon m218", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon m251", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon m241", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon m258", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25704" }, { "db": "JVNDB", "id": "JVNDB-2020-004650" }, { "db": "NVD", "id": "CVE-2020-7488" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, 
"data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:schneider_electric:ecostruxure_machine_expert", "vulnerable": true }, { "cpe22Uri": "cpe:/o:schneider_electric:modicon_M218_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:schneider_electric:modicon_m258_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:somachine", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:somachine_motion", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004650" } ] }, "cve": "CVE-2020-7488", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-7488", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": 
"Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-004650", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-25704", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-185613", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-7488", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-004650", "impactScore": null, "integrityImpact": "None", 
"privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-7488", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-004650", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2021-25704", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202004-1945", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-185613", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25704" }, { "db": "VULHUB", "id": "VHN-185613" }, { "db": "JVNDB", "id": "JVNDB-2020-004650" }, { "db": "CNNVD", "id": "CNNVD-202004-1945" }, { "db": "NVD", "id": "CVE-2020-7488" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. Schneider Electric Modicon M218 Logic Controller, etc. are all programmable logic controllers of French Schneider Electric (Schneider Electric) company. 
\n\r\n\r\nThere are security vulnerabilities in many Schneider Electric products", "sources": [ { "db": "NVD", "id": "CVE-2020-7488" }, { "db": "JVNDB", "id": "JVNDB-2020-004650" }, { "db": "CNVD", "id": "CNVD-2021-25704" }, { "db": "VULHUB", "id": "VHN-185613" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7488", "trust": 3.1 }, { "db": "SCHNEIDER", "id": "SEVD-2020-105-02", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2020-004650", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202004-1945", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-25704", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-185613", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25704" }, { "db": "VULHUB", "id": "VHN-185613" }, { "db": "JVNDB", "id": "JVNDB-2020-004650" }, { "db": "CNNVD", "id": "CNNVD-202004-1945" }, { "db": "NVD", "id": "CVE-2020-7488" } ] }, "id": "VAR-202004-1858", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-25704" }, { "db": "VULHUB", "id": "VHN-185613" } ], "trust": 1.69675325 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25704" } ] }, "last_update_date": "2024-11-23T22:21:12.174000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2020-105-02", "trust": 0.8, "url": "https://www.se.com/ww/en/download/document/SEVD-2020-105-02/" }, { "title": "Patch for Unidentified vulnerabilities exist in many Schneider Electric products (CNVD-2021-25704)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/256501" }, { "title": "Multiple Schneider Electric Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117009" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25704" }, { "db": "JVNDB", "id": "JVNDB-2020-004650" }, { "db": "CNNVD", "id": "CNNVD-202004-1945" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-319", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185613" }, { "db": "JVNDB", "id": "JVNDB-2020-004650" }, { "db": "NVD", "id": "CVE-2020-7488" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7488" }, { "trust": 1.7, "url": "https://www.se.com/ww/en/download/document/sevd-2020-105-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7488" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25704" }, { "db": "VULHUB", "id": "VHN-185613" }, { "db": "JVNDB", "id": "JVNDB-2020-004650" }, { "db": "CNNVD", "id": "CNNVD-202004-1945" }, { "db": "NVD", "id": "CVE-2020-7488" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": 
"CNVD-2021-25704" }, { "db": "VULHUB", "id": "VHN-185613" }, { "db": "JVNDB", "id": "JVNDB-2020-004650" }, { "db": "CNNVD", "id": "CNNVD-202004-1945" }, { "db": "NVD", "id": "CVE-2020-7488" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-08T00:00:00", "db": "CNVD", "id": "CNVD-2021-25704" }, { "date": "2020-04-22T00:00:00", "db": "VULHUB", "id": "VHN-185613" }, { "date": "2020-05-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-004650" }, { "date": "2020-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-1945" }, { "date": "2020-04-22T19:15:11.717000", "db": "NVD", "id": "CVE-2020-7488" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-08T00:00:00", "db": "CNVD", "id": "CNVD-2021-25704" }, { "date": "2022-02-03T00:00:00", "db": "VULHUB", "id": "VHN-185613" }, { "date": "2020-05-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-004650" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-1945" }, { "date": "2024-11-21T05:37:14.697000", "db": "NVD", "id": "CVE-2020-7488" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-1945" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Modicon Vulnerability in plaintext transmission of critical information in controller", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004650" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-1945" } ], "trust": 0.6 } }
var-201404-0081
Vulnerability from variot
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The Modbus Serial driver used by many Schneider Electric products listens on TCP port 27700. Successful exploitation can result in arbitrary code execution in the context of the application. Multiple Schneider Electric products are prone to a remote buffer-overflow vulnerability because they fail to properly validate user-supplied input. Failed exploit attempts will result in a denial-of-service condition. Since the driver is reached over the network, hosts that run it are exposed wherever TCP port 27700 is reachable, so limiting access to that port reduces exposure until the driver is updated. The following products are vulnerable: TwidoSuite 2.31.04 and prior; PowerSuite 2.6 and prior; SoMove 1.7 and prior; SoMachine 2.0, 3.0, 3.1, and 3.0 XS; Unity Pro 7.0 and prior; UnityLoader 2.3 and prior; Concept 2.6 SR7 and prior; ModbusCommDTM sl 2.1.2 and prior; PL7 4.5 SP5 and prior; SFT2841 14, 13.1 and prior; OPC Factory Server 3.50 and prior.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0081", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "somachine", "scope": "eq", "trust": 2.8, "vendor": "schneider electric", "version": "3.0" }, { "model": "modbuscommdtm sl", "scope": "lte", "trust": 1.8, "vendor": "schneider electric", "version": "2.1.2" }, { "model": "powersuite", "scope": "lte", "trust": 
1.8, "vendor": "schneider electric", "version": "2.6" }, { "model": "somachine", "scope": "eq", "trust": 1.8, "vendor": "schneider electric", "version": "2.0" }, { "model": "somove", "scope": "lte", "trust": 1.8, "vendor": "schneider electric", "version": "1.7" }, { "model": "twidosuite", "scope": "lte", "trust": 1.8, "vendor": "schneider electric", "version": "2.31.04" }, { "model": "unity pro", "scope": "lte", "trust": 1.8, "vendor": "schneider electric", "version": "7.0" }, { "model": "sft2841", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": "13.1" }, { "model": "modbus serial driver", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": "2.2" }, { "model": "opc factory server", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": "3.35" }, { "model": "modbus serial driver", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": "1.10" }, { "model": "modbus serial driver", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": "3.2" }, { "model": "opc factory server", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": "3.34" }, { "model": "concept", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "2.6" }, { "model": "somachine", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "3.1" }, { "model": "opc factory server", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "3.5.0" }, { "model": "sft2841", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "14.0" }, { "model": "pl7", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "4.5" }, { "model": "unityloader", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "2.3" }, { "model": "unity pro", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "6.0" }, { "model": "concept", "scope": "lte", "trust": 0.8, "vendor": "schneider electric", 
"version": "2.6 sr7" }, { "model": "modbus serial driver", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "1.10 to 3.2" }, { "model": "opc factory server", "scope": "lte", "trust": 0.8, "vendor": "schneider electric", "version": "3.40" }, { "model": "pl7", "scope": "lte", "trust": 0.8, "vendor": "schneider electric", "version": "4.5 sp5" }, { "model": "sft2841", "scope": "lte", "trust": 0.8, "vendor": "schneider electric", "version": "13.1" }, { "model": "sft2841", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "14" }, { "model": "somachine", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "3.0 xs" }, { "model": "somachine", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "3.1" }, { "model": "unity loader", "scope": "lte", "trust": 0.8, "vendor": "schneider electric", "version": "2.3" }, { "model": "electric opc factory server", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "3.5" }, { "model": "electric tlxcdsuofs33", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "3.5" }, { "model": "electric tlxcdstofs33", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "3.5" }, { "model": "electric tlxcdluofs33", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "3.5" }, { "model": "electric tlxcdlfofs33", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "3.5" }, { "model": "opc factory server", "scope": "eq", "trust": 0.6, "vendor": "schneider electric", "version": "3.5.0" }, { "model": "modbuscommdtm sl", "scope": "eq", "trust": 0.6, "vendor": "schneider electric", "version": "2.1.2" }, { "model": "sft2841", "scope": "eq", "trust": 0.6, "vendor": "schneider electric", "version": "14.0" }, { "model": "pl7", "scope": "eq", "trust": 0.6, "vendor": "schneider electric", "version": "4.5" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "somachine", "version": "3.0" }, { "model": "electric unity pro", 
"scope": "eq", "trust": 0.3, "vendor": "schneider", "version": "6.0" }, { "model": "electric unity pro", "scope": "eq", "trust": 0.3, "vendor": "schneider", "version": "6" }, { "model": "electric opc factory server", "scope": "eq", "trust": 0.3, "vendor": "schneider", "version": "3.34" }, { "model": "electric opc factory driver", "scope": "eq", "trust": 0.3, "vendor": "schneider", "version": "3.34" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "concept", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "modbus serial driver", "version": "1.10" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "modbus serial driver", "version": "2.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "modbus serial driver", "version": "3.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "modbuscommdtm sl", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "opc factory server", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "opc factory server", "version": "3.34" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "opc factory server", "version": "3.35" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "pl7", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "powersuite", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sft2841", "version": "13.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sft2841", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "somachine", "version": "2.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "somachine", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "somove", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "twidosuite", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "unity pro", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 
0.2, "vendor": "unity pro", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "unityloader", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02043" }, { "db": "BID", "id": "66500" }, { "db": "JVNDB", "id": "JVNDB-2013-006276" }, { "db": "CNNVD", "id": "CNNVD-201404-005" }, { "db": "NVD", "id": "CVE-2013-0662" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:schneider_electric:concept", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:modbus_serial_driver", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:modbuscommdtm_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:opc_factory_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:pl7", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:powersuite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:sft2841", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:somachine", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:somove", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:twidosuite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:unityloader", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:unity_pro", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-006276" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This issue is reported by vendor.", "sources": [ { "db": 
"BID", "id": "66500" } ], "trust": 0.3 }, "cve": "CVE-2013-0662", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2013-0662", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CNVD-2014-02043", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": 
"MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-60664", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2013-0662", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2013-0662", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2014-02043", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-005", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-60664", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02043" }, { "db": "VULHUB", "id": "VHN-60664" }, { "db": "JVNDB", "id": "JVNDB-2013-006276" }, { "db": "CNNVD", "id": "CNNVD-201404-005" }, { "db": "NVD", "id": "CVE-2013-0662" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The Modbus Serial driver used by many Schneider Electric products monitors the TCP 27700 port. 
Successful exploitation of vulnerabilities can execute arbitrary code in the context of an application. Multiple Schneider Electric Products are prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are vulnerable:\nTwidoSuite 2.31.04 and prior\nPowerSuite 2.6 and prior\nSoMove 1.7 and prior\nSoMachine 2.0, 3.0, 3.1, and 3.0 XS\nUnity Pro 7.0 and prior\nUnityLoader 2.3 and prior\nConcept 2.6 SR7 and prior\nModbusCommDTM sl 2.1.2 and prior\nPL7 4.5 SP5 and prior\nSFT2841 14, 13.1 and prior\nOPC Factory Server 3.50 and prior", "sources": [ { "db": "NVD", "id": "CVE-2013-0662" }, { "db": "JVNDB", "id": "JVNDB-2013-006276" }, { "db": "CNVD", "id": "CNVD-2014-02043" }, { "db": "BID", "id": "66500" }, { "db": "IVD", "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-60664" } ], "trust": 2.7 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-60664", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-60664" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-0662", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-14-086-01", "trust": 3.1 }, { "db": "BID", "id": "66500", "trust": 2.6 }, { "db": "EXPLOIT-DB", "id": "45219", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "45220", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201404-005", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-02043", "trust": 0.8 
}, { "db": "ICS CERT", "id": "ICSA-14-086-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-006276", "trust": 0.8 }, { "db": "OSVDB", "id": "105035", "trust": 0.6 }, { "db": "IVD", "id": "1CBD5CBC-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "149000", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148995", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-60664", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02043" }, { "db": "VULHUB", "id": "VHN-60664" }, { "db": "BID", "id": "66500" }, { "db": "JVNDB", "id": "JVNDB-2013-006276" }, { "db": "CNNVD", "id": "CNNVD-201404-005" }, { "db": "NVD", "id": "CVE-2013-0662" } ] }, "id": "VAR-201404-0081", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02043" }, { "db": "VULHUB", "id": "VHN-60664" } ], "trust": 1.7371212090909092 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02043" } ] }, "last_update_date": "2024-08-14T14:27:54.398000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD 2013-070-01", "trust": 0.8, "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01" }, { "title": 
"Patch for Schneider Electric heap buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44568" }, { "title": "Schneider Electric Modbus Serial Driver Repair measures for stack-based buffer error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160424" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-02043" }, { "db": "JVNDB", "id": "JVNDB-2013-006276" }, { "db": "CNNVD", "id": "CNNVD-201404-005" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-60664" }, { "db": "JVNDB", "id": "JVNDB-2013-006276" }, { "db": "NVD", "id": "CVE-2013-0662" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-086-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/66500" }, { "trust": 1.7, "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202013-070-01" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/45219/" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/45220/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0662" }, { "trust": 0.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-086-01a" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0662" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105035" }, { "trust": 0.3, "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true" } ], 
"sources": [ { "db": "CNVD", "id": "CNVD-2014-02043" }, { "db": "VULHUB", "id": "VHN-60664" }, { "db": "BID", "id": "66500" }, { "db": "JVNDB", "id": "JVNDB-2013-006276" }, { "db": "CNNVD", "id": "CNNVD-201404-005" }, { "db": "NVD", "id": "CVE-2013-0662" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02043" }, { "db": "VULHUB", "id": "VHN-60664" }, { "db": "BID", "id": "66500" }, { "db": "JVNDB", "id": "JVNDB-2013-006276" }, { "db": "CNNVD", "id": "CNNVD-201404-005" }, { "db": "NVD", "id": "CVE-2013-0662" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-01T00:00:00", "db": "IVD", "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d" }, { "date": "2014-04-01T00:00:00", "db": "CNVD", "id": "CNVD-2014-02043" }, { "date": "2014-04-01T00:00:00", "db": "VULHUB", "id": "VHN-60664" }, { "date": "2014-03-27T00:00:00", "db": "BID", "id": "66500" }, { "date": "2014-04-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-006276" }, { "date": "2014-04-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-005" }, { "date": "2014-04-01T06:17:08.240000", "db": "NVD", "id": "CVE-2013-0662" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-01T00:00:00", "db": "CNVD", "id": "CNVD-2014-02043" }, { "date": "2018-08-22T00:00:00", "db": "VULHUB", "id": "VHN-60664" }, { "date": "2015-03-19T09:42:00", "db": "BID", "id": "66500" }, { "date": "2014-04-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-006276" }, { "date": "2022-02-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-005" }, { "date": "2022-02-03T13:57:57.017000", "db": "NVD", "id": "CVE-2013-0662" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-005" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider Electric Heap Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02043" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-005" } ], "trust": 0.6 } }
var-201706-0650
Vulnerability from variot
A buffer overflow vulnerability exists in the programming software executable AlTracePrint.exe in Schneider Electric's SoMachine HVAC v2.1.0 for the Modicon M171/M172 controller. SoMachine HVAC is PLC programming software. The flaw is in the call to AlTracePrint.exe, which an attacker can exploit to cause a buffer overflow. Schneider Electric SoMachine HVAC is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successful exploits may allow attackers to execute arbitrary code in the context of the application. Failed exploits may result in denial-of-service conditions. Schneider Electric SoMachine HVAC 2.1.0 is vulnerable; other versions may also be affected. The record below scores this as a local issue that needs low privileges and user interaction (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and lists vendor advisory SEVD-2017-125-01 under its patch entries.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0650", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "somachine hvac", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "2.1.0" }, { "model": "somachine", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "v2.1.0" }, { "model": "electric somachine hvac", "scope": 
"eq", "trust": 0.6, "vendor": "schneider", "version": "2.1.0" }, { "model": "somachine", "scope": "eq", "trust": 0.6, "vendor": "schneider electric", "version": "2.1.0" }, { "model": "somachine hvac", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "2.1" }, { "model": "somachine hvac", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "2.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "somachine hvac", "version": "2.1.0" } ], "sources": [ { "db": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1" }, { "db": "CNVD", "id": "CNVD-2017-10357" }, { "db": "BID", "id": "98449" }, { "db": "JVNDB", "id": "JVNDB-2017-004756" }, { "db": "CNNVD", "id": "CNNVD-201704-903" }, { "db": "NVD", "id": "CVE-2017-7965" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:schneider_electric:somachine", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004756" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zhou Yu", "sources": [ { "db": "BID", "id": "98449" } ], "trust": 0.3 }, "cve": "CVE-2017-7965", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2017-7965", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2017-10357", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-116168", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "exploitabilityScore": 1.3, "id": "CVE-2017-7965", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.3, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-7965", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-7965", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-7965", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2017-10357", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201704-903", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-116168", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1" }, { "db": "CNVD", "id": "CNVD-2017-10357" }, { "db": "VULHUB", "id": "VHN-116168" }, { "db": "JVNDB", "id": "JVNDB-2017-004756" }, { "db": "CNNVD", "id": "CNNVD-201704-903" }, { "db": "NVD", "id": "CVE-2017-7965" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric\u0027s SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. 
SoMachine HVAC is a PLC programming software. This vulnerability stems from a security vulnerability in the call to AlTracePrint.exe, which can be exploited by an attacker to cause a buffer overflow. Schneider Electric SoMachine HVAC is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nSuccessful exploits may allow attackers to execute arbitrary code in context of the application. Failed exploits may result in denial-of-service conditions. \nSchneider Electric SoMachine HVAC 2.1.0 is vulnerable; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2017-7965" }, { "db": "JVNDB", "id": "JVNDB-2017-004756" }, { "db": "CNVD", "id": "CNVD-2017-10357" }, { "db": "BID", "id": "98449" }, { "db": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1" }, { "db": "VULHUB", "id": "VHN-116168" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-7965", "trust": 3.6 }, { "db": "BID", "id": "98449", "trust": 2.6 }, { "db": "SCHNEIDER", "id": "SEVD-2017-125-01", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201704-903", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-10357", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-004756", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-17-136-02", "trust": 0.3 }, { "db": "IVD", "id": "11B1075A-684E-41EC-9AA9-C1B9110102D1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-116168", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1" }, { "db": "CNVD", "id": "CNVD-2017-10357" }, { "db": "VULHUB", "id": "VHN-116168" }, { "db": "BID", "id": "98449" }, { "db": "JVNDB", "id": "JVNDB-2017-004756" }, { "db": "CNNVD", "id": "CNNVD-201704-903" }, { "db": "NVD", "id": "CVE-2017-7965" 
} ] }, "id": "VAR-201706-0650", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1" }, { "db": "CNVD", "id": "CNVD-2017-10357" }, { "db": "VULHUB", "id": "VHN-116168" } ], "trust": 1.9 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1" }, { "db": "CNVD", "id": "CNVD-2017-10357" } ] }, "last_update_date": "2024-11-23T22:34:37.099000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2017-125-01", "trust": 0.8, "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-125-01/" }, { "title": "Schneider Electric SoMachine HVAC Stack Buffer Overflow Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/95693" }, { "title": "Schneider Electric Modicon M171/M172 Controller SoMachine HVAC Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100390" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-10357" }, { "db": "JVNDB", "id": "JVNDB-2017-004756" }, { "db": "CNNVD", "id": "CNNVD-201704-903" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], 
"sources": [ { "db": "VULHUB", "id": "VHN-116168" }, { "db": "JVNDB", "id": "JVNDB-2017-004756" }, { "db": "NVD", "id": "CVE-2017-7965" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/98449" }, { "trust": 2.0, "url": "http://www.schneider-electric.com/en/download/document/sevd-2017-125-01/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7965" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7965" }, { "trust": 0.3, "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-136-02" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-10357" }, { "db": "VULHUB", "id": "VHN-116168" }, { "db": "BID", "id": "98449" }, { "db": "JVNDB", "id": "JVNDB-2017-004756" }, { "db": "CNNVD", "id": "CNNVD-201704-903" }, { "db": "NVD", "id": "CVE-2017-7965" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1" }, { "db": "CNVD", "id": "CNVD-2017-10357" }, { "db": "VULHUB", "id": "VHN-116168" }, { "db": "BID", "id": "98449" }, { "db": "JVNDB", "id": "JVNDB-2017-004756" }, { "db": "CNNVD", "id": "CNNVD-201704-903" }, { "db": "NVD", "id": "CVE-2017-7965" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-20T00:00:00", "db": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1" }, { "date": "2017-06-20T00:00:00", "db": "CNVD", "id": "CNVD-2017-10357" }, { "date": "2017-06-07T00:00:00", "db": "VULHUB", "id": "VHN-116168" }, { 
"date": "2017-05-05T00:00:00", "db": "BID", "id": "98449" }, { "date": "2017-07-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004756" }, { "date": "2017-04-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201704-903" }, { "date": "2017-06-07T19:29:00.197000", "db": "NVD", "id": "CVE-2017-7965" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-20T00:00:00", "db": "CNVD", "id": "CNVD-2017-10357" }, { "date": "2019-10-03T00:00:00", "db": "VULHUB", "id": "VHN-116168" }, { "date": "2017-05-23T16:26:00", "db": "BID", "id": "98449" }, { "date": "2017-07-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004756" }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201704-903" }, { "date": "2024-11-21T03:33:03.640000", "db": "NVD", "id": "CVE-2017-7965" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "98449" }, { "db": "CNNVD", "id": "CNNVD-201704-903" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider Electric SoMachine HVAC Stack Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1" }, { "db": "CNVD", "id": "CNVD-2017-10357" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "11b1075a-684e-41ec-9aa9-c1b9110102d1" }, { "db": "CNNVD", "id": "CNNVD-201704-903" } ], "trust": 0.8 } }
var-202012-0820
Vulnerability from variot
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions) that could cause a buffer overflow when the length of a file transferred to the webserver is not verified. The Modicon M258 firmware, SoMachine, and SoMachine Motion software contain a buffer error vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Schneider Electric Modicon M258 is a programmable automation controller produced by Schneider Electric in France. The NVD-authored CVSS v2 vector in the record below (AV:A/AC:L/Au:S/C:P/I:P/A:P) describes an adjacent-network attacker who must authenticate once.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202012-0820", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "somachine", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "somachine motion", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m258", "scope": "lt", "trust": 1.0, 
"vendor": "schneider electric", "version": "5.0.4.11" }, { "model": "somachine motion", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m258", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "somachine", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-014347" }, { "db": "NVD", "id": "CVE-2020-28220" } ] }, "cve": "CVE-2020-28220", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.1, "id": "CVE-2020-28220", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.1, "id": "VHN-372755", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" 
} ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.9, "id": "CVE-2020-28220", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.8, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-28220", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-28220", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2020-28220", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202012-936", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-372755", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-28220", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-372755" }, { "db": "VULMON", "id": "CVE-2020-28220" }, { "db": "JVNDB", "id": "JVNDB-2020-014347" }, { "db": "CNNVD", "id": "CNNVD-202012-936" }, { "db": "NVD", "id": "CVE-2020-28220" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine 
Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified. Modicon M258 firmware, SoMachine , SoMachine Motion The software contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Schneider Electric Modicon M258 is a programmable automation controller produced by Schneider Electric in France", "sources": [ { "db": "NVD", "id": "CVE-2020-28220" }, { "db": "JVNDB", "id": "JVNDB-2020-014347" }, { "db": "VULHUB", "id": "VHN-372755" }, { "db": "VULMON", "id": "CVE-2020-28220" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-28220", "trust": 2.6 }, { "db": "SCHNEIDER", "id": "SEVD-2020-343-09", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2020-014347", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202012-936", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-372755", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-28220", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-372755" }, { "db": "VULMON", "id": "CVE-2020-28220" }, { "db": "JVNDB", "id": "JVNDB-2020-014347" }, { "db": "CNNVD", "id": "CNNVD-202012-936" }, { "db": "NVD", "id": "CVE-2020-28220" } ] }, "id": "VAR-202012-0820", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-372755" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:58:05.905000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2020-343-09", "trust": 0.8, "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/" }, { "title": "Schneider Electric Modicon M258 Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136599" }, { "title": "CVE-2020-28220", "trust": 0.1, "url": "https://github.com/AlAIAL90/CVE-2020-28220 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-28220" }, { "db": "JVNDB", "id": "JVNDB-2020-014347" }, { "db": "CNNVD", "id": "CNNVD-202012-936" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.1 }, { "problemtype": "Buffer error (CWE-119) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-372755" }, { "db": "JVNDB", "id": "JVNDB-2020-014347" }, { "db": "NVD", "id": "CVE-2020-28220" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://www.se.com/ww/en/download/document/sevd-2020-343-09/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28220" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://github.com/alaial90/cve-2020-28220" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-372755" }, { "db": "VULMON", "id": "CVE-2020-28220" }, { "db": "JVNDB", "id": "JVNDB-2020-014347" }, { "db": "CNNVD", "id": "CNNVD-202012-936" }, { "db": "NVD", "id": "CVE-2020-28220" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { 
"@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-372755" }, { "db": "VULMON", "id": "CVE-2020-28220" }, { "db": "JVNDB", "id": "JVNDB-2020-014347" }, { "db": "CNNVD", "id": "CNNVD-202012-936" }, { "db": "NVD", "id": "CVE-2020-28220" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-12-11T00:00:00", "db": "VULHUB", "id": "VHN-372755" }, { "date": "2020-12-11T00:00:00", "db": "VULMON", "id": "CVE-2020-28220" }, { "date": "2021-08-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-014347" }, { "date": "2020-12-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202012-936" }, { "date": "2020-12-11T01:15:11.940000", "db": "NVD", "id": "CVE-2020-28220" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-03T00:00:00", "db": "VULHUB", "id": "VHN-372755" }, { "date": "2021-08-26T00:00:00", "db": "VULMON", "id": "CVE-2020-28220" }, { "date": "2021-08-13T09:04:00", "db": "JVNDB", "id": "JVNDB-2020-014347" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202012-936" }, { "date": "2024-11-21T05:22:29.963000", "db": "NVD", "id": "CVE-2020-28220" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202012-936" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Schneider\u00a0Electric\u00a0 Buffer error vulnerability in the product", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-014347" } ], "trust": 0.8 }, "type": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202012-936" } ], "trust": 0.6 } }
var-202004-1857
Vulnerability from variot
A CWE-345 (Insufficient Verification of Data Authenticity) vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. Multiple Modicon products contain a vulnerability involving insufficient verification of data authenticity. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Schneider Electric Modicon M218 Logic Controller and the other listed models are programmable logic controllers from the French company Schneider Electric. For triage, the NVD CVSS v3.1 vector recorded below (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8) indicates the flaw is reachable over the network without privileges or user interaction; the vendor advisory referenced in this record is SEVD-2020-105-02.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1857", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "electric modicon m241", "scope": null, "trust": 1.2, "vendor": "schneider", "version": null }, { "model": "somachine", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "somachine motion", "scope": "eq", "trust": 1.0, 
"vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure machine expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m251", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m258", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m218", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m241", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure machine expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m218", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m241", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m251", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m258", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "somachine", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "somachine motion", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "electric modicon m218", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon m258", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25703" }, { "db": "JVNDB", "id": "JVNDB-2020-004731" }, { "db": "NVD", "id": "CVE-2020-7487" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": 
"4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:schneider_electric:ecostruxure_machine_expert", "vulnerable": true }, { "cpe22Uri": "cpe:/o:schneider_electric:modicon_M218_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:schneider_electric:modicon_m258_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:somachine", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:somachine_motion", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004731" } ] }, "cve": "CVE-2020-7487", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-7487", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, 
"confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-004731", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-25703", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-185612", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-7487", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-004731", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": 
"None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-7487", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-004731", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2021-25703", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202004-1944", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-185612", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25703" }, { "db": "VULHUB", "id": "VHN-185612" }, { "db": "JVNDB", "id": "JVNDB-2020-004731" }, { "db": "CNNVD", "id": "CNNVD-202004-1944" }, { "db": "NVD", "id": "CVE-2020-7487" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. plural Modicon The product contains vulnerabilities to inadequate validation of data reliability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric Modicon M218 Logic Controller, etc. 
are all programmable logic controllers of French Schneider Electric (Schneider Electric) company", "sources": [ { "db": "NVD", "id": "CVE-2020-7487" }, { "db": "JVNDB", "id": "JVNDB-2020-004731" }, { "db": "CNVD", "id": "CNVD-2021-25703" }, { "db": "VULHUB", "id": "VHN-185612" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7487", "trust": 3.1 }, { "db": "SCHNEIDER", "id": "SEVD-2020-105-02", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2020-004731", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-25703", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202004-1944", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-185612", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25703" }, { "db": "VULHUB", "id": "VHN-185612" }, { "db": "JVNDB", "id": "JVNDB-2020-004731" }, { "db": "CNNVD", "id": "CNNVD-202004-1944" }, { "db": "NVD", "id": "CVE-2020-7487" } ] }, "id": "VAR-202004-1857", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-25703" }, { "db": "VULHUB", "id": "VHN-185612" } ], "trust": 1.69675325 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25703" } ] }, "last_update_date": "2024-11-23T22:21:12.206000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2020-105-02", "trust": 0.8, "url": "https://www.se.com/ww/en/download/document/SEVD-2020-105-02/" }, { "title": "Patch for Data forgery vulnerabilities in multiple Schneider Electric products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/256506" }, { "title": "Multiple Schneider Electric Product data falsification issues", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117008" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25703" }, { "db": "JVNDB", "id": "JVNDB-2020-004731" }, { "db": "CNNVD", "id": "CNNVD-202004-1944" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-345", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185612" }, { "db": "JVNDB", "id": "JVNDB-2020-004731" }, { "db": "NVD", "id": "CVE-2020-7487" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7487" }, { "trust": 1.7, "url": "https://www.se.com/ww/en/download/document/sevd-2020-105-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7487" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-25703" }, { "db": "VULHUB", "id": "VHN-185612" }, { "db": "JVNDB", "id": "JVNDB-2020-004731" }, { "db": "CNNVD", "id": "CNNVD-202004-1944" }, { "db": "NVD", "id": "CVE-2020-7487" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-25703" 
}, { "db": "VULHUB", "id": "VHN-185612" }, { "db": "JVNDB", "id": "JVNDB-2020-004731" }, { "db": "CNNVD", "id": "CNNVD-202004-1944" }, { "db": "NVD", "id": "CVE-2020-7487" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-08T00:00:00", "db": "CNVD", "id": "CNVD-2021-25703" }, { "date": "2020-04-22T00:00:00", "db": "VULHUB", "id": "VHN-185612" }, { "date": "2020-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-004731" }, { "date": "2020-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-1944" }, { "date": "2020-04-22T19:15:11.653000", "db": "NVD", "id": "CVE-2020-7487" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-08T00:00:00", "db": "CNVD", "id": "CNVD-2021-25703" }, { "date": "2022-02-03T00:00:00", "db": "VULHUB", "id": "VHN-185612" }, { "date": "2020-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-004731" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-1944" }, { "date": "2024-11-21T05:37:14.580000", "db": "NVD", "id": "CVE-2020-7487" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-1944" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Modicon Inadequate validation vulnerabilities for data reliability in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004731" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "data forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-1944" } ], "trust": 0.6 } }
var-201706-0651
Vulnerability from variot
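A DLL hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. SoMachine HVAC is PLC programming software. For triage, the NVD CVSS v3.0 vector recorded below (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base score 8.8) marks user interaction as required; the record also lists SoMachine HVAC 2.2 with scope "ne" (which appears to mean not affected) and references vendor advisory SEVD-2017-125-02 and ICS-CERT advisory ICSA-17-136-02.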
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0651", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "somachine", "scope": "eq", "trust": 1.6, "vendor": "schneider electric", "version": "2.1.0" }, { "model": "somachine", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "hvac 2.1.0" }, { "model": "electric somachine hvac", "scope": 
"eq", "trust": 0.6, "vendor": "schneider", "version": "2.1.0" }, { "model": "somachine hvac", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "2.1" }, { "model": "somachine hvac", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "2.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "somachine", "version": "2.1.0" } ], "sources": [ { "db": "IVD", "id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317" }, { "db": "CNVD", "id": "CNVD-2017-10359" }, { "db": "BID", "id": "98446" }, { "db": "JVNDB", "id": "JVNDB-2017-004715" }, { "db": "CNNVD", "id": "CNNVD-201704-902" }, { "db": "NVD", "id": "CVE-2017-7966" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:schneider_electric:somachine", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004715" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Himanshu Mehta", "sources": [ { "db": "BID", "id": "98446" } ], "trust": 0.3 }, "cve": "CVE-2017-7966", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-7966", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2017-10359", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-116169", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2017-7966", 
"impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-7966", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-7966", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2017-10359", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201704-902", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-116169", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317" }, { "db": "CNVD", "id": "CNVD-2017-10359" }, { "db": "VULHUB", "id": "VHN-116169" }, { "db": "JVNDB", "id": "JVNDB-2017-004715" }, { "db": "CNNVD", "id": "CNNVD-201704-902" }, { "db": "NVD", "id": "CVE-2017-7966" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A DLL Hijacking vulnerability in the programming software in Schneider Electric\u0027s SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. 
SoMachine HVAC is a PLC programming software", "sources": [ { "db": "NVD", "id": "CVE-2017-7966" }, { "db": "JVNDB", "id": "JVNDB-2017-004715" }, { "db": "CNVD", "id": "CNVD-2017-10359" }, { "db": "BID", "id": "98446" }, { "db": "IVD", "id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317" }, { "db": "VULHUB", "id": "VHN-116169" } ], "trust": 2.7 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-116169", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-116169" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-7966", "trust": 3.6 }, { "db": "BID", "id": "98446", "trust": 2.6 }, { "db": "SCHNEIDER", "id": "SEVD-2017-125-02", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201704-902", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-10359", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-004715", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-17-136-02", "trust": 0.3 }, { "db": "IVD", "id": "D24E5BF7-8F13-41CD-9FF1-9B9F830FD317", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-116169", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317" }, { "db": "CNVD", "id": "CNVD-2017-10359" }, { "db": "VULHUB", "id": "VHN-116169" }, { "db": "BID", "id": "98446" }, { "db": "JVNDB", "id": "JVNDB-2017-004715" }, { "db": "CNNVD", "id": "CNNVD-201704-902" }, { "db": "NVD", "id": "CVE-2017-7966" } ] }, "id": "VAR-201706-0651", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317" }, { "db": "CNVD", "id": "CNVD-2017-10359" }, { "db": "VULHUB", "id": "VHN-116169" } ], "trust": 1.9 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317" }, { "db": "CNVD", "id": "CNVD-2017-10359" } ] }, "last_update_date": "2024-11-23T22:34:37.060000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2017-125-02", "trust": 0.8, "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02/" }, { "title": "Schneider Electric SoMachine HVAC patch for arbitrary code execution vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/95695" }, { "title": "Schneider Electric SoMachine HVAC Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99739" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-10359" }, { "db": "JVNDB", "id": "JVNDB-2017-004715" }, { "db": "CNNVD", "id": "CNNVD-201704-902" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-427", "trust": 1.1 }, { "problemtype": "CWE-284", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-116169" }, { "db": "JVNDB", "id": "JVNDB-2017-004715" }, { "db": "NVD", "id": "CVE-2017-7966" } 
] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/98446" }, { "trust": 2.0, "url": "http://www.schneider-electric.com/en/download/document/sevd-2017-125-02/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7966" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7966" }, { "trust": 0.3, "url": "http://blog.rapid7.com/?p=5325" }, { "trust": 0.3, "url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html" }, { "trust": 0.3, "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx" }, { "trust": 0.3, "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-136-02" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-10359" }, { "db": "VULHUB", "id": "VHN-116169" }, { "db": "BID", "id": "98446" }, { "db": "JVNDB", "id": "JVNDB-2017-004715" }, { "db": "CNNVD", "id": "CNNVD-201704-902" }, { "db": "NVD", "id": "CVE-2017-7966" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317" }, { "db": "CNVD", "id": "CNVD-2017-10359" }, { "db": "VULHUB", "id": "VHN-116169" }, { "db": "BID", "id": "98446" }, { "db": "JVNDB", "id": "JVNDB-2017-004715" }, { "db": "CNNVD", "id": "CNNVD-201704-902" }, { "db": "NVD", "id": "CVE-2017-7966" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-20T00:00:00", "db": "IVD", "id": 
"d24e5bf7-8f13-41cd-9ff1-9b9f830fd317" }, { "date": "2017-06-20T00:00:00", "db": "CNVD", "id": "CNVD-2017-10359" }, { "date": "2017-06-07T00:00:00", "db": "VULHUB", "id": "VHN-116169" }, { "date": "2017-05-05T00:00:00", "db": "BID", "id": "98446" }, { "date": "2017-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004715" }, { "date": "2017-04-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201704-902" }, { "date": "2017-06-07T19:29:00.227000", "db": "NVD", "id": "CVE-2017-7966" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-20T00:00:00", "db": "CNVD", "id": "CNVD-2017-10359" }, { "date": "2019-10-03T00:00:00", "db": "VULHUB", "id": "VHN-116169" }, { "date": "2017-05-23T16:26:00", "db": "BID", "id": "98446" }, { "date": "2017-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004715" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201704-902" }, { "date": "2024-11-21T03:33:03.770000", "db": "NVD", "id": "CVE-2017-7966" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201704-902" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider Electric SoMachine HVAC Arbitrary code execution vulnerability", "sources": [ { "db": "IVD", "id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317" }, { "db": "CNVD", "id": "CNVD-2017-10359" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code problem", "sources": [ { "db": "IVD", 
"id": "d24e5bf7-8f13-41cd-9ff1-9b9f830fd317" }, { "db": "CNNVD", "id": "CNNVD-201704-902" } ], "trust": 0.8 } }
CVE-2014-9200 (GCVE-0-2014-9200)
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/72335 | vdb-entry, x_refsource_BID |
| https://www.cisa.gov/news-events/ics-advisories/icsa-15-027-02 | |

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | Unity Pro | Version: all versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:40:24.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01" }, { "name": "72335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/72335" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Unity Pro", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "SoMachine", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "SoMove", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "SoMove Lite", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "Modbus Communication Library", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "Version 2.2.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "CANopen Communication Library", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "Version 1.0.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EtherNet/IP Communication Library", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "Version 1.0.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", 
"product": "EM X80 Gateway DTM (MB TCP/SL)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "Advantys DTMs (OTB, STB)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "KINOS DTM", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "SOLO DTM", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "Xantrex DTM", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Ariele Caltabiano (kimiya) with HP\u2019s Zero Day Initiative (ZDI)" } ], "datePublic": "2015-01-27T07:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eStack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.\u003c/p\u003e" } ], "value": "Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO 
DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors." } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-05T21:34:15.852Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01" }, { "name": "72335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/72335" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-027-02" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eSchneider Electric has released a patch that resolves the \nvulnerability by removing the vulnerable DLL. 
Schneider Electric\u2019s patch\n is available at the follow location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=FDT1\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=FDT1\u003c/a\u003e DLL Removal Kit.\u003c/p\u003e\n\u003cp\u003eSchneider Electric\u2019s security notice SEVD-2015-009-01 is available at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01\u003c/a\u003e\u003c/p\u003e.\n\n\u003cbr\u003e" } ], "value": "Schneider Electric has released a patch that resolves the \nvulnerability by removing the vulnerable DLL. Schneider Electric\u2019s patch\n is available at the follow location:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=FDT1 DLL Removal Kit.\n\n\nSchneider Electric\u2019s security notice SEVD-2015-009-01 is available at the following location:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01 \n\n." 
} ], "source": { "advisory": "ICSA-15-027-02", "discovery": "UNKNOWN" }, "title": "Schneider Electric Device Type Managers (DTMs) Stack-based Buffer Overflow", "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-9200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01", "refsource": "CONFIRM", "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01" }, { "name": "72335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72335" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9200", "datePublished": "2015-02-01T15:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2025-09-05T21:34:15.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }