Vulnerability CVE-2014-0789

Vulnerability CVE-2014-0789

Published: 2014-04-04

Description:

Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.8/10	6.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	None	Complete

Affected software
Schneider-electric -> Opc factory server tlxcdlfofs
Schneider-electric -> Opc factory server tlxcdltofs
Schneider-electric -> Opc factory server tlxcdluofs
Schneider-electric -> Opc factory server tlxcdstofs
Schneider-electric -> Opc factory server tlxcdsuofs

References:

http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01

http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml

Vulnerability CVE-2014-0789

CWE-119

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

7.8/10

6.9/10

10/10

Remote

Low

No required

None

None

Complete

Affected software

References: