Vulnerabilites related to Schneider Electric - TLXCDLTOFS33
var-201402-0350
Vulnerability from variot
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file.The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric OPC Factory Server (OFS) is a set of data communication editing software of French Schneider Electric (Schneider Electric). The software supports important information access, open page design, transparent architecture and interoperability, etc., enabling users to obtain good process and communication effects. The following versions are affected: Schneider Electric OFS TLXCDSUOFS33 - version 3.35, TLXCDSTOFS33 - version 3.35, TLXCDLUOFS33 - version 3.35, TLXCDLTOFS33 - version 3.35, TLXCDLFOFS33 - version 3.35
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "opc factory server",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdsuofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdstofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdlfofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdltofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdluofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdlfofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdltofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdluofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdstofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdsuofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "opc factory server",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"_id": null,
"model": "electric opc factory server",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdlfofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdltofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdluofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdstofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdsuofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdlfofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdltofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdluofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdstofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdsuofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server",
"version": "3.35"
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:opc_factory_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdlfofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdltofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdluofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdstofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdsuofs33",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
}
]
},
"credits": {
"_id": null,
"data": "0x7A240E67",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-054"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0774",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2014-0774",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CVE-2014-0774",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2014-01433",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-68267",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0774",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0774",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2014-0774",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01433",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-480",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68267",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"description": {
"_id": null,
"data": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file.The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric OPC Factory Server (OFS) is a set of data communication editing software of French Schneider Electric (Schneider Electric). The software supports important information access, open page design, transparent architecture and interoperability, etc., enabling users to obtain good process and communication effects. The following versions are affected: Schneider Electric OFS TLXCDSUOFS33 - version 3.35, TLXCDSTOFS33 - version 3.35, TLXCDLUOFS33 - version 3.35, TLXCDLTOFS33 - version 3.35, TLXCDLFOFS33 - version 3.35",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "BID",
"id": "65871"
},
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68267"
}
],
"trust": 3.33
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0774",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-058-02",
"trust": 2.5
},
{
"db": "BID",
"id": "65871",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-01433",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1881",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-054",
"trust": 0.7
},
{
"db": "IVD",
"id": "301BDA5E-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68267",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "BID",
"id": "65871"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"id": "VAR-201402-0350",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
}
],
"trust": 1.7333333333333334
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
}
]
},
"last_update_date": "2024-11-23T23:02:50.131000Z",
"patch": {
"_id": null,
"data": [
{
"title": "SEVD 2014-031-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"title": "Patch for Schneider Electric OPC Factory Server Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/44015"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.2,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-058-02"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-031-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0774"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65871"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0774"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "BID",
"id": "65871"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-054",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-01433",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-68267",
"ident": null
},
{
"db": "BID",
"id": "65871",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0774",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-03-05T00:00:00",
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-054",
"ident": null
},
{
"date": "2014-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01433",
"ident": null
},
{
"date": "2014-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68267",
"ident": null
},
{
"date": "2014-02-27T00:00:00",
"db": "BID",
"id": "65871",
"ident": null
},
{
"date": "2014-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"ident": null
},
{
"date": "2014-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-480",
"ident": null
},
{
"date": "2014-02-28T06:18:54.277000",
"db": "NVD",
"id": "CVE-2014-0774",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-054",
"ident": null
},
{
"date": "2014-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01433",
"ident": null
},
{
"date": "2015-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-68267",
"ident": null
},
{
"date": "2014-08-01T00:02:00",
"db": "BID",
"id": "65871",
"ident": null
},
{
"date": "2014-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"ident": null
},
{
"date": "2014-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-480",
"ident": null
},
{
"date": "2024-11-21T02:02:47.127000",
"db": "NVD",
"id": "CVE-2014-0774",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "BID",
"id": "65871"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Schneider Electric OPC Factory Server of C++ Sample client stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
}
],
"trust": 0.8
}
}
CVE-2014-0774 (GCVE-0-2014-0774)
Vulnerability from cvelistv5
Published
2014-02-28 02:00
Modified
2025-09-24 21:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02 | ||
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/65871 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | TLXCDSUOFS33 |
Version: V3.35 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name": "65871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TLXCDSUOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDSTOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDLUOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDLTOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDLFOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Schneider Electric"
}
],
"datePublic": "2014-02-27T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.\u003c/p\u003e"
}
],
"value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T21:10:10.144Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name": "65871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65871"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSchneider Electric Security Notification SEVD \n2014-031-01,\u201dVulnerability Disclosure \u2013 OPC Factory Server V3.35,\u201d \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.downloads.schneider-electric.com/?p_Conf=\u0026amp;p_localesFilter=\u0026amp;p_docTypeFilter=1555899,\u0026amp;p_docTypeGroupFilter=3541958\"\u003ehttp://www.downloads.schneider-electric.com/?p_Conf=\u0026amp;p_localesFilter=\u0026amp;p_docTypeFilter=155589...\u003c/a\u003e\u0026nbsp; \u0026nbsp;\u003c/p\u003e\n\u003cdiv\u003e\n\u003cp\u003eThe security announcements affecting the OPC Factory Server are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\"\u003ehttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\u003c/a\u003e\u003c/p\u003e\u003c/div\u003eSchneider\n Electric recommends customers to upgrade to OFS v3.4 or later (Version \nv3.5 is currently available). Customers that cannot upgrade are directed\n to remove the demonstration client from affected computers, provided it\n is not required for operations.\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability.\u00a0\n\nSchneider Electric Security Notification SEVD \n2014-031-01,\u201dVulnerability Disclosure \u2013 OPC Factory Server V3.35,\u201d \n http://www.downloads.schneider-electric.com/?p_Conf=\u0026p_localesFilter=\u0026p_docTypeFilter=155589... http://www.downloads.schneider-electric.com/ \u00a0 \u00a0\n\n\n\nThe security announcements affecting the OPC Factory Server are available here:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page \n\n\n\nSchneider\n Electric recommends customers to upgrade to OFS v3.4 or later (Version \nv3.5 is currently available). Customers that cannot upgrade are directed\n to remove the demonstration client from affected computers, provided it\n is not required for operations."
}
],
"source": {
"advisory": "ICSA-14-058-02",
"discovery": "INTERNAL"
},
"title": "Schneider Electric OFS Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name": "65871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0774",
"datePublished": "2014-02-28T02:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-24T21:10:10.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}