ID

VAR-201404-0553


CVE

CVE-2014-0789


TITLE

Buffer overflow vulnerability in multiple Schneider Electric OPC Factory Server products

Trust: 0.8

sources: JVNDB: JVNDB-2014-001905

DESCRIPTION

Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. A buffer overflow vulnerability allows a remote attacker to cause a denial of service through the ‘long’ parameter. Multiple Schneider Electric products are prone to a remote buffer-overflow vulnerability because they fail to properly validate user-supplied input. Attackers can exploit this issue to cause a denial-of-service condition. The following products are vulnerable: TLXCDSUOFS33 3.5 and prior, TLXCDSTOFS33 3.5 and prior, TLXCDLUOFS33 3.5 and prior, TLXCDLTOFS33 3.5 and prior, TLXCDLFOFS33 3.5 and prior. The application features easy integration, custom interface and more

Trust: 2.7

sources: NVD: CVE-2014-0789 // JVNDB: JVNDB-2014-001905 // CNVD: CNVD-2014-02181 // BID: 66643 // IVD: 1ab16a62-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68282

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 1ab16a62-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02181

AFFECTED PRODUCTS

vendor: schneider electric, model: opc factory server tlxcdstofs, scope: lte, version: 3.35

Trust: 1.0

vendor: schneider electric, model: opc factory server tlxcdluofs, scope: lte, version: 3.35

Trust: 1.0

vendor: schneider electric, model: opc factory server tlxcdlfofs, scope: lte, version: 3.35

Trust: 1.0

vendor: schneider electric, model: opc factory server tlxcdltofs, scope: lte, version: 3.35

Trust: 1.0

vendor: schneider electric, model: opc factory server tlxcdsuofs, scope: lte, version: 3.35

Trust: 1.0

vendor: schneider electric, model: tlxcdlfofs, scope: lte, version: 33 - v3.5

Trust: 0.8

vendor: schneider electric, model: tlxcdltofs, scope: lte, version: 33 - v3.5

Trust: 0.8

vendor: schneider electric, model: tlxcdluofs, scope: lte, version: 33 - v3.5

Trust: 0.8

vendor: schneider electric, model: tlxcdstofs, scope: lte, version: 33 - v3.5

Trust: 0.8

vendor: schneider electric, model: tlxcdsuofs, scope: lte, version: 33 - v3.5

Trust: 0.8

vendor: schneider, model: electric tlxcdsuofs33, scope: eq, version: 3.5

Trust: 0.6

vendor: schneider, model: electric tlxcdstofs33, scope: eq, version: 3.5

Trust: 0.6

vendor: schneider, model: electric tlxcdluofs33, scope: eq, version: 3.5

Trust: 0.6

vendor: schneider, model: electric tlxcdlfofs33, scope: eq, version: 3.5

Trust: 0.6

vendor: schneider electric, model: opc factory server tlxcdluofs, scope: eq, version: 3.35

Trust: 0.6

vendor: schneider electric, model: opc factory server tlxcdstofs, scope: eq, version: 3.35

Trust: 0.6

vendor: schneider electric, model: opc factory server tlxcdlfofs, scope: eq, version: 3.35

Trust: 0.6

vendor: schneider electric, model: opc factory server tlxcdsuofs, scope: eq, version: 3.35

Trust: 0.6

vendor: schneider electric, model: opc factory server tlxcdltofs, scope: eq, version: 3.35

Trust: 0.6

vendor: schneider electric, model: opc factory server tlxcdsuofs33, scope: eq, version: 3.5

Trust: 0.3

vendor: schneider electric, model: opc factory server tlxcdstofs33, scope: eq, version: 3.5

Trust: 0.3

vendor: schneider electric, model: opc factory server tlxcdluofs33, scope: eq, version: 3.5

Trust: 0.3

vendor: schneider electric, model: opc factory server tlxcdltofs33, scope: eq, version: 3.5

Trust: 0.3

vendor: schneider electric, model: opc factory server tlxcdlfofs33, scope: eq, version: 3.5

Trust: 0.3

vendor: schneider electric, model: opc factory server sp1, scope: ne, version: 3.5

Trust: 0.3

vendor: opc factory server tlxcdlfofs, model: -, scope: eq, version: *

Trust: 0.2

vendor: opc factory server tlxcdltofs, model: -, scope: eq, version: *

Trust: 0.2

vendor: opc factory server tlxcdluofs, model: -, scope: eq, version: *

Trust: 0.2

vendor: opc factory server tlxcdstofs, model: -, scope: eq, version: *

Trust: 0.2

vendor: opc factory server tlxcdsuofs, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 1ab16a62-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02181 // BID: 66643 // CNNVD: CNNVD-201404-058 // JVNDB: JVNDB-2014-001905 // NVD: CVE-2014-0789

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2014-0789
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2014-0789
value: HIGH

Trust: 1.0

NVD: CVE-2014-0789
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-02181
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201404-058
value: HIGH

Trust: 0.6

IVD: 1ab16a62-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-68282
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0789
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2014-0789
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2014-02181
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1ab16a62-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-68282
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 1ab16a62-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02181 // VULHUB: VHN-68282 // CNNVD: CNNVD-201404-058 // JVNDB: JVNDB-2014-001905 // NVD: CVE-2014-0789 // NVD: CVE-2014-0789

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-122

Trust: 1.0

sources: VULHUB: VHN-68282 // JVNDB: JVNDB-2014-001905 // NVD: CVE-2014-0789

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-058

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 1ab16a62-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-058

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001905

PATCH

title: Vulnerability Disclosure - OPC Factory Server Buffer Overflow (SEVD 2014-084-01)
url: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-084-01

Trust: 0.8

title: Cybersecurity News
url: http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml

Trust: 0.8

title: Patch for multiple Schneider Electric product heap buffer overflow vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/44691

Trust: 0.6

title: OFS_CD2906_V350_SP1
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49093

Trust: 0.6

sources: CNVD: CNVD-2014-02181 // CNNVD: CNNVD-201404-058 // JVNDB: JVNDB-2014-001905

EXTERNAL IDS

db: NVD, id: CVE-2014-0789

Trust: 3.6

db: ICS CERT, id: ICSA-14-093-01

Trust: 2.8

db: BID, id: 66643

Trust: 1.0

db: CNNVD, id: CNNVD-201404-058

Trust: 0.9

db: CNVD, id: CNVD-2014-02181

Trust: 0.8

db: JVNDB, id: JVNDB-2014-001905

Trust: 0.8

db: IVD, id: 1AB16A62-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-68282

Trust: 0.1

sources: IVD: 1ab16a62-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02181 // VULHUB: VHN-68282 // BID: 66643 // CNNVD: CNNVD-201404-058 // JVNDB: JVNDB-2014-001905 // NVD: CVE-2014-0789

REFERENCES

url: http://ics-cert.us-cert.gov/advisories/icsa-14-093-01

Trust: 2.8

url: http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/content/news/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml

Trust: 1.7

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0789

Trust: 1.4

url: https://www.cisa.gov/news-events/ics-advisories/icsa-14-093-01

Trust: 1.0

url: http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page

Trust: 1.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0789

Trust: 0.8

url: http://www.securityfocus.com/bid/66643

Trust: 0.6

url: http://chemical-facility-security-news.blogspot.com/2014/04/yet-another-schneider-advisory-from-ics.html

Trust: 0.3

url: http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true

Trust: 0.3

url: http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/content/news/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerabil

Trust: 0.3

sources: CNVD: CNVD-2014-02181 // VULHUB: VHN-68282 // BID: 66643 // CNNVD: CNNVD-201404-058 // JVNDB: JVNDB-2014-001905 // NVD: CVE-2014-0789

CREDITS

Wei Gao

Trust: 0.3

sources: BID: 66643

SOURCES

db: IVD, id: 1ab16a62-2352-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2014-02181
db: VULHUB, id: VHN-68282
db: BID, id: 66643
db: CNNVD, id: CNNVD-201404-058
db: JVNDB, id: JVNDB-2014-001905
db: NVD, id: CVE-2014-0789

LAST UPDATE DATE

2025-09-26T23:41:12.986000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-02181, date: 2014-04-10T00:00:00
db: VULHUB, id: VHN-68282, date: 2014-04-04T00:00:00
db: BID, id: 66643, date: 2014-03-25T00:00:00
db: CNNVD, id: CNNVD-201404-058, date: 2014-04-09T00:00:00
db: JVNDB, id: JVNDB-2014-001905, date: 2014-04-07T00:00:00
db: NVD, id: CVE-2014-0789, date: 2025-09-25T18:15:36.177

SOURCES RELEASE DATE

db: IVD, id: 1ab16a62-2352-11e6-abef-000c29c66e3d, date: 2014-04-10T00:00:00
db: CNVD, id: CNVD-2014-02181, date: 2014-04-09T00:00:00
db: VULHUB, id: VHN-68282, date: 2014-04-04T00:00:00
db: BID, id: 66643, date: 2014-03-25T00:00:00
db: CNNVD, id: CNNVD-201404-058, date: 2014-04-09T00:00:00
db: JVNDB, id: JVNDB-2014-001905, date: 2014-04-07T00:00:00
db: NVD, id: CVE-2014-0789, date: 2014-04-04T15:09:45.917