Sign-up

ID

VAR-201503-0333


CVE

CVE-2014-9206


TITLE

Schneider Electric DTM Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 9caa5b56-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01337

DESCRIPTION

Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The Schneider Electric DTM has a buffer overflow vulnerability that could allow an attacker to execute arbitrary code or initiate a denial of service attack in the context of an application. Schneider Electric DTM is prone to a remote stack-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric DTM 3.1.6 and prior are vulnerable. A local attacker can exploit this vulnerability to gain permissions through a malformed DLL file

Trust: 2.7

sources: NVD: CVE-2014-9206 // JVNDB: JVNDB-2014-007981 // CNVD: CNVD-2015-01337 // BID: 72764 // IVD: 9caa5b56-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-77151

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 9caa5b56-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01337

AFFECTED PRODUCTS

vendor:schneider electricmodel:device type managerscope:lteversion:3.1.6

Trust: 1.8

vendor:schneidermodel:electric dtmscope:lteversion:<=3.1.6

Trust: 0.6

vendor:schneider electricmodel:device type managerscope:eqversion:3.1.6

Trust: 0.6

vendor:device type managermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 9caa5b56-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01337 // JVNDB: JVNDB-2014-007981 // CNNVD: CNNVD-201503-033 // NVD: CVE-2014-9206

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9206
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-9206
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-01337
value: LOW

Trust: 0.6

CNNVD: CNNVD-201503-033
value: MEDIUM

Trust: 0.6

IVD: 9caa5b56-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-77151
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9206
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-01337
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9caa5b56-2351-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-77151
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 9caa5b56-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01337 // VULHUB: VHN-77151 // JVNDB: JVNDB-2014-007981 // CNNVD: CNNVD-201503-033 // NVD: CVE-2014-9206

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-77151 // JVNDB: JVNDB-2014-007981 // NVD: CVE-2014-9206

THREAT TYPE

local

Trust: 0.9

sources: BID: 72764 // CNNVD: CNNVD-201503-033

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 9caa5b56-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201503-033

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007981

PATCH
title:Invensys Positioner DTM Security Vulnerabilityurl:http://download.schneider-electric.com/files?p_File_Id=745435959&p_File_Name=SEVD-2015-050-01.pdf
Trust: 0.8
title:Patch for Schneider Electric DTM Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/55653
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-01337 // 
            
            
            
            JVNDB: JVNDB-2014-007981

EXTERNAL IDS
db:NVDid:CVE-2014-9206
Trust: 3.6
db:ICS CERTid:ICSA-15-055-03
Trust: 2.5
db:SCHNEIDERid:SEVD-2015-050-01
Trust: 1.7
db:BIDid:72764
Trust: 1.6
db:CNNVDid:CNNVD-201503-033
Trust: 0.9
db:CNVDid:CNVD-2015-01337
Trust: 0.8
db:JVNDBid:JVNDB-2014-007981
Trust: 0.8
db:IVDid:9CAA5B56-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-77151
Trust: 0.1
sources:
            
            
            IVD: 9caa5b56-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-01337 // 
            
            
            
            VULHUB: VHN-77151 // 
            
            
            
            BID: 72764 // 
            
            
            
            JVNDB: JVNDB-2014-007981 // 
            
            
            
            CNNVD: CNNVD-201503-033 // 
            
            
            
            NVD: CVE-2014-9206

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-055-03
Trust: 2.5
url:http://www.securityfocus.com/bid/72764
Trust: 1.2
url:http://download.schneider-electric.com/files?p_file_id=745435959&p_file_name=sevd-2015-050-01.pdf
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9206
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9206
Trust: 0.8
url:http://download.schneider-electric.com/files?p_file_id=740491624&p_file_name=sevd-2015-050-01.pdf
Trust: 0.6
url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true
Trust: 0.3
url:http://download.schneider-electric.com/files?p_file_id=745435959&amp;p_file_name=sevd-2015-050-01.pdf
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-01337 // 
            
            
            
            VULHUB: VHN-77151 // 
            
            
            
            BID: 72764 // 
            
            
            
            JVNDB: JVNDB-2014-007981 // 
            
            
            
            CNNVD: CNNVD-201503-033 // 
            
            
            
            NVD: CVE-2014-9206

CREDITS
Ivan Sanchez
Trust: 0.9
sources:
            
            
            BID: 72764 // 
            
            
            
            CNNVD: CNNVD-201503-033

SOURCES
db:IVDid:9caa5b56-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-01337
db:VULHUBid:VHN-77151
db:BIDid:72764
db:JVNDBid:JVNDB-2014-007981
db:CNNVDid:CNNVD-201503-033
db:NVDid:CVE-2014-9206

LAST UPDATE DATE
2025-04-13T23:34:05.218000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-01337date:2015-02-28T00:00:00
db:VULHUBid:VHN-77151date:2016-08-26T00:00:00
db:BIDid:72764date:2015-02-24T00:00:00
db:JVNDBid:JVNDB-2014-007981date:2015-03-17T00:00:00
db:CNNVDid:CNNVD-201503-033date:2015-03-16T00:00:00
db:NVDid:CVE-2014-9206date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:9caa5b56-2351-11e6-abef-000c29c66e3ddate:2015-02-28T00:00:00
db:CNVDid:CNVD-2015-01337date:2015-02-28T00:00:00
db:VULHUBid:VHN-77151date:2015-03-14T00:00:00
db:BIDid:72764date:2015-02-24T00:00:00
db:JVNDBid:JVNDB-2014-007981date:2015-03-17T00:00:00
db:CNNVDid:CNNVD-201503-033date:2015-02-24T00:00:00
db:NVDid:CVE-2014-9206date:2015-03-14T01:59:06.610