Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2017-5157 (GCVE-0-2017-5157)

Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-05 14:55

Summary

An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.

Severity

No CVSS data available.

CWE

Schneider Electric homeLYnk Controller XSS

Assigner

icscert

References

2 references

URL	Tags
http://www.securityfocus.com/bid/95665	vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Schneider Electric homeLYnk Controller prior to V1.5.0	Affected: Schneider Electric homeLYnk Controller prior to V1.5.0

Date Public

2017-02-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95665"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric homeLYnk Controller prior to V1.5.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric homeLYnk Controller prior to V1.5.0"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Schneider Electric homeLYnk Controller XSS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-14T10:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "95665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95665"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-5157",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric homeLYnk Controller prior to V1.5.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric homeLYnk Controller prior to V1.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Schneider Electric homeLYnk Controller XSS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95665"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-5157",
    "datePublished": "2017-02-13T21:00:00.000Z",
    "dateReserved": "2017-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T14:55:35.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9188 (GCVE-0-2014-9188)

Vulnerability from nvd – Published: 2014-12-27 15:00 – Updated: 2025-07-24 22:39

Title

Schneider Electric ProClima Command Injection

Summary

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.

Severity

No CVSS data available.

CWE

CWE-77

Assigner

icscert

References

3 references

URL	Tags
http://download.schneider-electric.com/files?p_Do…	x_refsource_CONFIRM
https://www.cisa.gov/news-events/ics-advisories/i…
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01	x_refsource_MISCx_transferred

Impacted products

1 product

Vendor	Product	Version
Schneider Electric	ProClima	Affected: 0 , ≤ 6.0.1 (custom)

Date Public

2014-12-10 07:00

Credits

This vulnerability was reported to ZDI by security researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:23.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ProClima",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "6.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability was reported to ZDI by security researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc."
        }
      ],
      "datePublic": "2014-12-10T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eBuffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers.\u003c/p\u003e"
            }
          ],
          "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T22:39:42.287Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-350-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric has released an updated version of the ProClima \nsoftware, Version 6.1.7, which mitigates these vulnerabilities. \nCustomers are encouraged to download the new version and update their \ninstallations. It is important that customers first uninstall the \ncurrent version. The new version can be downloaded from Schneider \nElectric\u2019s web site at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/ww/en/download/document/ProClima_software\"\u003ehttp://www.schneider-electric.com/ww/en/download/document/ProClima_software\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFor further information on these vulnerabilities, please see \nSchneider Electric\u2019s security notification (SEVD 2014-344-01) at \nSchneider Electric\u2019s cybersecurity web page:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page%20\"\u003ehttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric has released an updated version of the ProClima \nsoftware, Version 6.1.7, which mitigates these vulnerabilities. \nCustomers are encouraged to download the new version and update their \ninstallations. It is important that customers first uninstall the \ncurrent version. The new version can be downloaded from Schneider \nElectric\u2019s web site at the following location:\n\n\n http://www.schneider-electric.com/ww/en/download/document/ProClima_software \n\n\nFor further information on these vulnerabilities, please see \nSchneider Electric\u2019s security notification (SEVD 2014-344-01) at \nSchneider Electric\u2019s cybersecurity web page:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page%20"
        }
      ],
      "source": {
        "advisory": "ICSA-14-350-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric ProClima Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9188",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-9188",
    "datePublished": "2014-12-27T15:00:00.000Z",
    "dateReserved": "2014-12-02T00:00:00.000Z",
    "dateUpdated": "2025-07-24T22:39:42.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8514 (GCVE-0-2014-8514)

Vulnerability from nvd – Published: 2014-12-27 15:00 – Updated: 2024-08-06 13:18

Summary

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

3 references

URL	Tags
http://download.schneider-electric.com/files?p_Do…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/71710	vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01	x_refsource_MISC

Date Public

2014-12-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "name": "71710",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71710"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188.  NOTE: this may be clarified later based on details provided by researchers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
        },
        {
          "name": "71710",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71710"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8514",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188.  NOTE: this may be clarified later based on details provided by researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
            },
            {
              "name": "71710",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71710"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8514",
    "datePublished": "2014-12-27T15:00:00.000Z",
    "dateReserved": "2014-10-28T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:18:48.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8513 (GCVE-0-2014-8513)

Vulnerability from nvd – Published: 2014-12-27 15:00 – Updated: 2024-08-06 13:18

Summary

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

2 references

URL	Tags
http://download.schneider-electric.com/files?p_Do…	x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01	x_refsource_MISC

Date Public

2014-12-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188.  NOTE: this may be clarified later based on details provided by researchers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-27T14:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8513",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188.  NOTE: this may be clarified later based on details provided by researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8513",
    "datePublished": "2014-12-27T15:00:00.000Z",
    "dateReserved": "2014-10-28T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:18:48.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8512 (GCVE-0-2014-8512)

Vulnerability from nvd – Published: 2014-12-27 15:00 – Updated: 2024-08-06 13:18

Summary

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

2 references

URL	Tags
http://download.schneider-electric.com/files?p_Do…	x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01	x_refsource_MISC

Date Public

2014-12-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511.  NOTE: this may be clarified later based on details provided by researchers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-27T14:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511.  NOTE: this may be clarified later based on details provided by researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8512",
    "datePublished": "2014-12-27T15:00:00.000Z",
    "dateReserved": "2014-10-28T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:18:48.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0662 (GCVE-0-2013-0662)

Vulnerability from nvd – Published: 2014-03-28 19:00 – Updated: 2024-08-06 14:33

Summary

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

Severity

No CVSS data available.

CWE

n/a

Assigner

icscert

References

5 references

URL	Tags
http://download.schneider-electric.com/files?p_Do…	x_refsource_CONFIRM
https://www.exploit-db.com/exploits/45219/	exploitx_refsource_EXPLOIT-DB
http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01	x_refsource_MISC
http://www.securityfocus.com/bid/66500	vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/45220/	exploitx_refsource_EXPLOIT-DB

Date Public

2014-03-27 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:33:05.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01"
          },
          {
            "name": "45219",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45219/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01"
          },
          {
            "name": "66500",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66500"
          },
          {
            "name": "45220",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45220/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-22T09:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01"
        },
        {
          "name": "45219",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45219/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01"
        },
        {
          "name": "66500",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66500"
        },
        {
          "name": "45220",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45220/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2013-0662",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01"
            },
            {
              "name": "45219",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45219/"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01"
            },
            {
              "name": "66500",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66500"
            },
            {
              "name": "45220",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45220/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2013-0662",
    "datePublished": "2014-03-28T19:00:00.000Z",
    "dateReserved": "2012-12-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T14:33:05.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5157 (GCVE-0-2017-5157)

Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-05 14:55

Summary

An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.

Severity

No CVSS data available.

CWE

Schneider Electric homeLYnk Controller XSS

Assigner

icscert

References

2 references

URL	Tags
http://www.securityfocus.com/bid/95665	vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Schneider Electric homeLYnk Controller prior to V1.5.0	Affected: Schneider Electric homeLYnk Controller prior to V1.5.0

Date Public

2017-02-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95665"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric homeLYnk Controller prior to V1.5.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric homeLYnk Controller prior to V1.5.0"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Schneider Electric homeLYnk Controller XSS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-14T10:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "95665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95665"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-5157",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric homeLYnk Controller prior to V1.5.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric homeLYnk Controller prior to V1.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Schneider Electric homeLYnk Controller XSS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95665"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-5157",
    "datePublished": "2017-02-13T21:00:00.000Z",
    "dateReserved": "2017-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T14:55:35.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8512 (GCVE-0-2014-8512)

Vulnerability from cvelistv5 – Published: 2014-12-27 15:00 – Updated: 2024-08-06 13:18

Summary

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

2 references

URL	Tags
http://download.schneider-electric.com/files?p_Do…	x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01	x_refsource_MISC

Date Public

2014-12-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511.  NOTE: this may be clarified later based on details provided by researchers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-27T14:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511.  NOTE: this may be clarified later based on details provided by researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8512",
    "datePublished": "2014-12-27T15:00:00.000Z",
    "dateReserved": "2014-10-28T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:18:48.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8514 (GCVE-0-2014-8514)

Vulnerability from cvelistv5 – Published: 2014-12-27 15:00 – Updated: 2024-08-06 13:18

Summary

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

3 references

URL	Tags
http://download.schneider-electric.com/files?p_Do…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/71710	vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01	x_refsource_MISC

Date Public

2014-12-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "name": "71710",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71710"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188.  NOTE: this may be clarified later based on details provided by researchers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
        },
        {
          "name": "71710",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71710"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8514",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188.  NOTE: this may be clarified later based on details provided by researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
            },
            {
              "name": "71710",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71710"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8514",
    "datePublished": "2014-12-27T15:00:00.000Z",
    "dateReserved": "2014-10-28T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:18:48.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8513 (GCVE-0-2014-8513)

Vulnerability from cvelistv5 – Published: 2014-12-27 15:00 – Updated: 2024-08-06 13:18

Summary

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

2 references

URL	Tags
http://download.schneider-electric.com/files?p_Do…	x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01	x_refsource_MISC

Date Public

2014-12-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188.  NOTE: this may be clarified later based on details provided by researchers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-27T14:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8513",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188.  NOTE: this may be clarified later based on details provided by researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8513",
    "datePublished": "2014-12-27T15:00:00.000Z",
    "dateReserved": "2014-10-28T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:18:48.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9188 (GCVE-0-2014-9188)

Vulnerability from cvelistv5 – Published: 2014-12-27 15:00 – Updated: 2025-07-24 22:39

Title

Schneider Electric ProClima Command Injection

Summary

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.

Severity

No CVSS data available.

CWE

CWE-77

Assigner

icscert

References

3 references

URL	Tags
http://download.schneider-electric.com/files?p_Do…	x_refsource_CONFIRM
https://www.cisa.gov/news-events/ics-advisories/i…
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01	x_refsource_MISCx_transferred

Impacted products

1 product

Vendor	Product	Version
Schneider Electric	ProClima	Affected: 0 , ≤ 6.0.1 (custom)

Date Public

2014-12-10 07:00

Credits

This vulnerability was reported to ZDI by security researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:23.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ProClima",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "6.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability was reported to ZDI by security researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc."
        }
      ],
      "datePublic": "2014-12-10T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eBuffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers.\u003c/p\u003e"
            }
          ],
          "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T22:39:42.287Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-350-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric has released an updated version of the ProClima \nsoftware, Version 6.1.7, which mitigates these vulnerabilities. \nCustomers are encouraged to download the new version and update their \ninstallations. It is important that customers first uninstall the \ncurrent version. The new version can be downloaded from Schneider \nElectric\u2019s web site at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/ww/en/download/document/ProClima_software\"\u003ehttp://www.schneider-electric.com/ww/en/download/document/ProClima_software\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFor further information on these vulnerabilities, please see \nSchneider Electric\u2019s security notification (SEVD 2014-344-01) at \nSchneider Electric\u2019s cybersecurity web page:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page%20\"\u003ehttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric has released an updated version of the ProClima \nsoftware, Version 6.1.7, which mitigates these vulnerabilities. \nCustomers are encouraged to download the new version and update their \ninstallations. It is important that customers first uninstall the \ncurrent version. The new version can be downloaded from Schneider \nElectric\u2019s web site at the following location:\n\n\n http://www.schneider-electric.com/ww/en/download/document/ProClima_software \n\n\nFor further information on these vulnerabilities, please see \nSchneider Electric\u2019s security notification (SEVD 2014-344-01) at \nSchneider Electric\u2019s cybersecurity web page:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page%20"
        }
      ],
      "source": {
        "advisory": "ICSA-14-350-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric ProClima Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9188",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-9188",
    "datePublished": "2014-12-27T15:00:00.000Z",
    "dateReserved": "2014-12-02T00:00:00.000Z",
    "dateUpdated": "2025-07-24T22:39:42.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0662 (GCVE-0-2013-0662)

Vulnerability from cvelistv5 – Published: 2014-03-28 19:00 – Updated: 2024-08-06 14:33

Summary

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

Severity

No CVSS data available.

CWE

n/a

Assigner

icscert

References

5 references

URL	Tags
http://download.schneider-electric.com/files?p_Do…	x_refsource_CONFIRM
https://www.exploit-db.com/exploits/45219/	exploitx_refsource_EXPLOIT-DB
http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01	x_refsource_MISC
http://www.securityfocus.com/bid/66500	vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/45220/	exploitx_refsource_EXPLOIT-DB

Date Public

2014-03-27 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:33:05.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01"
          },
          {
            "name": "45219",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45219/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01"
          },
          {
            "name": "66500",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66500"
          },
          {
            "name": "45220",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45220/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-22T09:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01"
        },
        {
          "name": "45219",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45219/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01"
        },
        {
          "name": "66500",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66500"
        },
        {
          "name": "45220",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45220/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2013-0662",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01"
            },
            {
              "name": "45219",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45219/"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01"
            },
            {
              "name": "66500",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66500"
            },
            {
              "name": "45220",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45220/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2013-0662",
    "datePublished": "2014-03-28T19:00:00.000Z",
    "dateReserved": "2012-12-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T14:33:05.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Find a vulnerability

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

12 vulnerabilities by schneider_electric

CVE-2017-5157 (GCVE-0-2017-5157)

CVE-2014-9188 (GCVE-0-2014-9188)

CVE-2014-8514 (GCVE-0-2014-8514)

CVE-2014-8513 (GCVE-0-2014-8513)

CVE-2014-8512 (GCVE-0-2014-8512)

CVE-2013-0662 (GCVE-0-2013-0662)

CVE-2017-5157 (GCVE-0-2017-5157)

CVE-2014-8512 (GCVE-0-2014-8512)

CVE-2014-8514 (GCVE-0-2014-8514)

CVE-2014-8513 (GCVE-0-2014-8513)

CVE-2014-9188 (GCVE-0-2014-9188)

CVE-2013-0662 (GCVE-0-2013-0662)

Find a vulnerability

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

12 vulnerabilities by schneider_electric

CVE-2017-5157 (GCVE-0-2017-5157)

CVE-2014-9188 (GCVE-0-2014-9188)

CVE-2014-8514 (GCVE-0-2014-8514)

CVE-2014-8513 (GCVE-0-2014-8513)

CVE-2014-8512 (GCVE-0-2014-8512)

CVE-2013-0662 (GCVE-0-2013-0662)

CVE-2017-5157 (GCVE-0-2017-5157)

CVE-2014-8512 (GCVE-0-2014-8512)

CVE-2014-8514 (GCVE-0-2014-8514)

CVE-2014-8513 (GCVE-0-2014-8513)

CVE-2014-9188 (GCVE-0-2014-9188)

CVE-2013-0662 (GCVE-0-2013-0662)

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.