CVE-2014-0774
Schneider Electric OPC Factory Server 3.35 - Local Privilege Escalation via Malformed Config
Title source: llmDescription
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01
Third Party Advisory, US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65871
Scores
EPSS
0.0027
EPSS Percentile
50.9%
Details
CWE
CWE-119
CWE-121
Status
published
Products (11)
Schneider Electric/TLXCDLFOFS33
V3.35
Schneider Electric/TLXCDLTOFS33
V3.35
Schneider Electric/TLXCDLUOFS33
V3.35
Schneider Electric/TLXCDSTOFS33
V3.35
Schneider Electric/TLXCDSUOFS33
V3.35
schneider-electric/ofs_test_client_tlxcdlfofs33
3.35
schneider-electric/ofs_test_client_tlxcdltofs33
3.35
schneider-electric/ofs_test_client_tlxcdluofs33
3.35
schneider-electric/ofs_test_client_tlxcdstofs33
3.35
schneider-electric/ofs_test_client_tlxcdsuofs33
3.35
... and 1 more
Published
Feb 28, 2014
Tracked Since
Feb 18, 2026