Sign-up

ID

VAR-201402-0349


CVE

CVE-2014-0759


TITLE

Schneider Electric Floating License Manager Privilege Escalation Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-01407 // BID: 65873

DESCRIPTION

Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Attackers can leverage this issue to gain escalated privileges

Trust: 2.79

sources: NVD: CVE-2014-0759 // JVNDB: JVNDB-2014-001523 // CNVD: CNVD-2014-01407 // BID: 65873 // IVD: 302331f0-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68252 // VULMON: CVE-2014-0759

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 302331f0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01407

AFFECTED PRODUCTS

vendor:schneider electricmodel:floating license managerscope:eqversion:1.0.0

Trust: 1.6

vendor:schneider electricmodel:floating license managerscope:eqversion:1.4.0

Trust: 1.6

vendor:schneider electricmodel:floating license managerscope:eqversion:1.0.0 to 1.4.0

Trust: 0.8

vendor:schneidermodel:electric floating license managerscope:eqversion:1.0.0-1.4.0

Trust: 0.6

vendor:schneider electricmodel:floating license managerscope:eqversion:1.4

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.3

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.2

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.1

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.0

Trust: 0.3

vendor:floating license managermodel: - scope:eqversion:1.0.0

Trust: 0.2

vendor:floating license managermodel: - scope:eqversion:1.4.0

Trust: 0.2

sources: IVD: 302331f0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01407 // BID: 65873 // JVNDB: JVNDB-2014-001523 // CNNVD: CNNVD-201402-479 // NVD: CVE-2014-0759

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0759
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0759
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-01407
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-479
value: MEDIUM

Trust: 0.6

IVD: 302331f0-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-68252
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-0759
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0759
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2014-01407
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 302331f0-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-68252
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 302331f0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01407 // VULHUB: VHN-68252 // VULMON: CVE-2014-0759 // JVNDB: JVNDB-2014-001523 // CNNVD: CNNVD-201402-479 // NVD: CVE-2014-0759

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-001523 // NVD: CVE-2014-0759

THREAT TYPE

local

Trust: 0.9

sources: BID: 65873 // CNNVD: CNNVD-201402-479

TYPE

other

Trust: 0.8

sources: IVD: 302331f0-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201402-479

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001523

PATCH
title:SEVD-2014-015-01url:http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01
Trust: 0.8
title:Patch for Schneider Electric Floating License Manager Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/44006
Trust: 0.6
title: - url:https://github.com/Ontothecloud/cwe-428 
Trust: 0.1
title: - url:https://github.com/Ontothecloud/CWE-428 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-01407 // 
            
            
            
            VULMON: CVE-2014-0759 // 
            
            
            
            JVNDB: JVNDB-2014-001523

EXTERNAL IDS
db:NVDid:CVE-2014-0759
Trust: 3.7
db:ICS CERTid:ICSA-14-058-01
Trust: 3.5
db:BIDid:65873
Trust: 1.0
db:CNNVDid:CNNVD-201402-479
Trust: 0.9
db:CNVDid:CNVD-2014-01407
Trust: 0.8
db:JVNDBid:JVNDB-2014-001523
Trust: 0.8
db:IVDid:302331F0-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-68252
Trust: 0.1
db:VULMONid:CVE-2014-0759
Trust: 0.1
sources:
            
            
            IVD: 302331f0-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-01407 // 
            
            
            
            VULHUB: VHN-68252 // 
            
            
            
            VULMON: CVE-2014-0759 // 
            
            
            
            BID: 65873 // 
            
            
            
            JVNDB: JVNDB-2014-001523 // 
            
            
            
            CNNVD: CNNVD-201402-479 // 
            
            
            
            NVD: CVE-2014-0759

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-14-058-01
Trust: 3.6
url:http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-015-01
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0759
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0759
Trust: 0.8
url:www.controlmicrosystems.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://github.com/ontothecloud/cwe-428
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-01407 // 
            
            
            
            VULHUB: VHN-68252 // 
            
            
            
            VULMON: CVE-2014-0759 // 
            
            
            
            BID: 65873 // 
            
            
            
            JVNDB: JVNDB-2014-001523 // 
            
            
            
            CNNVD: CNNVD-201402-479 // 
            
            
            
            NVD: CVE-2014-0759

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 65873

SOURCES
db:IVDid:302331f0-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-01407
db:VULHUBid:VHN-68252
db:VULMONid:CVE-2014-0759
db:BIDid:65873
db:JVNDBid:JVNDB-2014-001523
db:CNNVDid:CNNVD-201402-479
db:NVDid:CVE-2014-0759

LAST UPDATE DATE
2025-04-13T23:05:16.460000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-01407date:2014-03-04T00:00:00
db:VULHUBid:VHN-68252date:2014-02-28T00:00:00
db:VULMONid:CVE-2014-0759date:2014-02-28T00:00:00
db:BIDid:65873date:2014-02-27T00:00:00
db:JVNDBid:JVNDB-2014-001523date:2014-03-03T00:00:00
db:CNNVDid:CNNVD-201402-479date:2014-03-03T00:00:00
db:NVDid:CVE-2014-0759date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:302331f0-2352-11e6-abef-000c29c66e3ddate:2014-03-04T00:00:00
db:CNVDid:CNVD-2014-01407date:2014-03-04T00:00:00
db:VULHUBid:VHN-68252date:2014-02-28T00:00:00
db:VULMONid:CVE-2014-0759date:2014-02-28T00:00:00
db:BIDid:65873date:2014-02-27T00:00:00
db:JVNDBid:JVNDB-2014-001523date:2014-03-03T00:00:00
db:CNNVDid:CNNVD-201402-479date:2014-02-28T00:00:00
db:NVDid:CVE-2014-0759date:2014-02-28T06:18:54.260