Details of VAR-201403-0444

ID

VAR-201403-0444

CVE

CVE-2014-0779

TITLE

Schneider Electric StruxureWare SCADA Expert ClearSCADA of Kepware KepServerEX 4 Component ServerMain.exe Inside PLC Service disruption in drivers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001653

DESCRIPTION

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \"PLC Driver\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094

Trust: 3.33

sources: NVD: CVE-2014-0779 // JVNDB: JVNDB-2014-001653 // ZDI: ZDI-14-059 // CNVD: CNVD-2014-01024 // BID: 65476 // IVD: 285fdc02-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68272

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 285fdc02-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01024

AFFECTED PRODUCTS

vendor:	aveva	model:	clearscada	scope:	eq	version:	2013	Trust: 1.6
vendor:	clearscada	model:	-	scope:	eq	version:	2013	Trust: 1.0
vendor:	aveva	model:	clearscada	scope:	eq	version:	2010	Trust: 1.0
vendor:	clearscada	model:	-	scope:	eq	version:	2010	Trust: 0.8
vendor:	schneider electric	model:	clearscada	scope:	eq	version:	2010 r2 (build 71.4165)	Trust: 0.8
vendor:	schneider electric	model:	clearscada	scope:	eq	version:	2010 r2.1 (build 71.4325)	Trust: 0.8
vendor:	schneider electric	model:	clearscada	scope:	eq	version:	2010 r3 (build 72.4560)	Trust: 0.8
vendor:	schneider electric	model:	clearscada	scope:	eq	version:	2010 r3.1 (build 72.4644)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r1 (build 73.4729)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r1.1 (build 73.4832)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r1.1a (build 73.4903)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r1.2 (build 73.4955)	Trust: 0.8
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013 r2 (build 74.5094)	Trust: 0.8
vendor:	schneider electric	model:	clearscada	scope:	-	version:	-	Trust: 0.7
vendor:	schneider	model:	electric clearscada	scope:	eq	version:	2013	Trust: 0.6
vendor:	schneider	model:	electric clearscada	scope:	eq	version:	2010	Trust: 0.6
vendor:	schneider electric	model:	clearscada	scope:	eq	version:	2010	Trust: 0.6
vendor:	schneider electric	model:	scada expert clearscada	scope:	eq	version:	2013	Trust: 0.6

sources: IVD: 285fdc02-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-059 // CNVD: CNVD-2014-01024 // CNNVD: CNNVD-201403-250 // JVNDB: JVNDB-2014-001653 // NVD: CVE-2014-0779

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-0779
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2014-0779
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0779
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2014-0779
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2014-01024
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201403-250
value:	MEDIUM
Trust: 0.6
IVD:	285fdc02-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-68272
value:	MEDIUM
Trust: 0.1

ics-cert@hq.dhs.gov:	CVE-2014-0779
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 3.5
CNVD:	CNVD-2014-01024
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	285fdc02-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-68272
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 285fdc02-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-059 // CNVD: CNVD-2014-01024 // VULHUB: VHN-68272 // CNNVD: CNNVD-201403-250 // JVNDB: JVNDB-2014-001653 // NVD: CVE-2014-0779 // NVD: CVE-2014-0779

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-68272 // JVNDB: JVNDB-2014-001653 // NVD: CVE-2014-0779

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-250

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 285fdc02-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201403-250

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001653

PATCH

title:	SEVD 2014-024-01	url:	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01	Trust: 0.8
title:	Schneider Electric has issued an update to correct this vulnerability.	url:	http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01	Trust: 0.7

sources: ZDI: ZDI-14-059 // JVNDB: JVNDB-2014-001653

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0779	Trust: 4.3
db:	ICS CERT	id:	ICSA-14-072-01	Trust: 2.5
db:	BID	id:	65476	Trust: 1.0
db:	CNNVD	id:	CNNVD-201403-250	Trust: 0.9
db:	CNVD	id:	CNVD-2014-01024	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001653	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-1876	Trust: 0.7
db:	ZDI	id:	ZDI-14-059	Trust: 0.7
db:	IVD	id:	285FDC02-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-68272	Trust: 0.1

sources: IVD: 285fdc02-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-059 // CNVD: CNVD-2014-01024 // VULHUB: VHN-68272 // BID: 65476 // CNNVD: CNNVD-201403-250 // JVNDB: JVNDB-2014-001653 // NVD: CVE-2014-0779

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-072-01	Trust: 3.2
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-01	Trust: 1.7
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0779	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0779	Trust: 0.8
url:	http://www.securityfocus.com/bid/65476	Trust: 0.6
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: ZDI: ZDI-14-059 // CNVD: CNVD-2014-01024 // VULHUB: VHN-68272 // BID: 65476 // CNNVD: CNNVD-201403-250 // JVNDB: JVNDB-2014-001653 // NVD: CVE-2014-0779

CREDITS

Andrew Brooks

Trust: 1.0

sources: ZDI: ZDI-14-059 // BID: 65476

SOURCES

db:	IVD	id:	285fdc02-2352-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-14-059
db:	CNVD	id:	CNVD-2014-01024
db:	VULHUB	id:	VHN-68272
db:	BID	id:	65476
db:	CNNVD	id:	CNNVD-201403-250
db:	JVNDB	id:	JVNDB-2014-001653
db:	NVD	id:	CVE-2014-0779

LAST UPDATE DATE

2025-09-25T23:18:43.147000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-14-059	date:	2014-04-03T00:00:00
db:	CNVD	id:	CNVD-2014-01024	date:	2014-02-18T00:00:00
db:	VULHUB	id:	VHN-68272	date:	2018-12-31T00:00:00
db:	BID	id:	65476	date:	2015-03-19T09:33:00
db:	CNNVD	id:	CNNVD-201403-250	date:	2014-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-001653	date:	2014-03-17T00:00:00
db:	NVD	id:	CVE-2014-0779	date:	2025-09-24T22:15:35.147

SOURCES RELEASE DATE

db:	IVD	id:	285fdc02-2352-11e6-abef-000c29c66e3d	date:	2014-02-18T00:00:00
db:	ZDI	id:	ZDI-14-059	date:	2014-04-03T00:00:00
db:	CNVD	id:	CNVD-2014-01024	date:	2014-02-18T00:00:00
db:	VULHUB	id:	VHN-68272	date:	2014-03-14T00:00:00
db:	BID	id:	65476	date:	2014-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201403-250	date:	2014-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-001653	date:	2014-03-17T00:00:00
db:	NVD	id:	CVE-2014-0779	date:	2014-03-14T10:55:05.803