ID

VAR-202001-1285


CVE

CVE-2014-1598


TITLE

CenturyStar ActiveX (CamW2000.dll) SetMyAddress Function parameter handling buffer overflow vulnerability

Trust: 0.8

sources: IVD: deb78352-1eec-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00918

DESCRIPTION

The CenturyStar 7.12 ActiveX control has a stack buffer overflow. CenturyStar contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial of service (DoS) may result. CenturyStar is a popular SCADA industrial control software package. The SetMyAddress function in the CenturyStar CamW2000.dll ActiveX control has an overflow vulnerability when parsing parameters, which allows remote attackers to build malicious web pages and trick users into parsing them, crashing the application or executing arbitrary code.

Trust: 2.34

sources: NVD: CVE-2014-1598 // JVNDB: JVNDB-2014-008776 // CNVD: CNVD-2014-00918 // IVD: deb78352-1eec-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: deb78352-1eec-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00918

AFFECTED PRODUCTS

vendor: centurystar, model: centurystar, scope: eq, version: 7.12

Trust: 1.8

vendor: jichang qiu shi science and, model: centurystar, scope: eq, version: 7.12

Trust: 0.6

vendor: centurystar, model: -, scope: eq, version: 7.12

Trust: 0.2

sources: IVD: deb78352-1eec-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00918 // JVNDB: JVNDB-2014-008776 // NVD: CVE-2014-1598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1598
value: CRITICAL

Trust: 1.0

NVD: CVE-2014-1598
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2014-00918
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-246
value: CRITICAL

Trust: 0.6

IVD: deb78352-1eec-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2014-1598
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00918
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: deb78352-1eec-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2014-1598
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2014-1598
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: deb78352-1eec-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00918 // JVNDB: JVNDB-2014-008776 // CNNVD: CNNVD-202001-246 // NVD: CVE-2014-1598

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2014-008776 // NVD: CVE-2014-1598

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-246

TYPE

Buffer error

Trust: 0.8

sources: IVD: deb78352-1eec-11e6-abef-000c29c66e3d // CNNVD: CNNVD-202001-246

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008776

PATCH

title: CenturyStar ActiveX (CamW2000.dll) SetMyAddress function parameter handles patch overflow vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/43562

Trust: 0.6

sources: CNVD: CNVD-2014-00918

EXTERNAL IDS

db: NVD, id: CVE-2014-1598

Trust: 3.2

db: CNVD, id: CNVD-2014-00918

Trust: 0.8

db: CNNVD, id: CNNVD-202001-246

Trust: 0.8

db: JVNDB, id: JVNDB-2014-008776

Trust: 0.8

db: OSVDB, id: 102995

Trust: 0.6

db: IVD, id: DEB78352-1EEC-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: deb78352-1eec-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00918 // JVNDB: JVNDB-2014-008776 // CNNVD: CNNVD-202001-246 // NVD: CVE-2014-1598

REFERENCES

url:https://support.ixiacom.com/strikes/exploits/scada/cve_2014_1598_centurystar_activex_control_setmyaddress_bo.xml

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1598

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1598

Trust: 0.8

url:http://osvdb.org/ref/102/centrystar_7.12_setmyaddress_activex_stack_buffer_overflow_vulnerability.pdf

Trust: 0.6

url:http://osvdb.com/show/osvdb/102995

Trust: 0.6

sources: CNVD: CNVD-2014-00918 // JVNDB: JVNDB-2014-008776 // CNNVD: CNNVD-202001-246 // NVD: CVE-2014-1598

SOURCES

db: IVD, id: deb78352-1eec-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2014-00918
db: JVNDB, id: JVNDB-2014-008776
db: CNNVD, id: CNNVD-202001-246
db: NVD, id: CVE-2014-1598

LAST UPDATE DATE

2024-11-23T22:55:18.670000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-00918, date: 2014-03-19T00:00:00
db: JVNDB, id: JVNDB-2014-008776, date: 2020-01-23T00:00:00
db: CNNVD, id: CNNVD-202001-246, date: 2020-05-15T00:00:00
db: NVD, id: CVE-2014-1598, date: 2024-11-21T02:04:41.617

SOURCES RELEASE DATE

db: IVD, id: deb78352-1eec-11e6-abef-000c29c66e3d, date: 2020-01-08T00:00:00
db: CNVD, id: CNVD-2014-00918, date: 2014-02-14T00:00:00
db: JVNDB, id: JVNDB-2014-008776, date: 2020-01-23T00:00:00
db: CNNVD, id: CNNVD-202001-246, date: 2020-01-08T00:00:00
db: NVD, id: CVE-2014-1598, date: 2020-01-08T14:15:12.723