CVE-2014-0789

Schneider-electric Opc Factory Server Tlxcdlfofs - Memory Corruption

Title source: rule

Description

Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.

References (4)

[Vendor Advisory] http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml

[Various Sources] http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page

[US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-14-093-01

Scores

EPSS 0.0105

EPSS Percentile 77.3%

Classification

CWE

CWE-119 CWE-122

Status draft

Affected Products (5)

schneider-electric/opc_factory_server_tlxcdlfofs < 3.35

schneider-electric/opc_factory_server_tlxcdltofs < 3.35

schneider-electric/opc_factory_server_tlxcdluofs < 3.35

schneider-electric/opc_factory_server_tlxcdstofs < 3.35

schneider-electric/opc_factory_server_tlxcdsuofs < 3.35

Timeline

Published Apr 04, 2014

Tracked Since Feb 18, 2026