{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Floating License Manager", "vendor": "Schneider Electric", "versions": [{"lessThanOrEqual": "V1.4.0", "status": "affected", "version": "V1.0.0", "versionType": "custom"}]}], "datePublic": "2014-02-27T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.</p>"}], "value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."}], "metrics": [{"cvssV2_0": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-19T18:52:00.207Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Deployment of the Schneider Electric products using the vulnerable \nfloating license manager are designed to be automatically updated via \nthe Schneider Electric Software Update system.</p>\n<p>Schneider Electric\u2019s latest download patches and known vulnerabilities are available here:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\">http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page</a></p>\n\n<br>"}], "value": "Deployment of the Schneider Electric products using the vulnerable \nfloating license manager are designed to be automatically updated via \nthe Schneider Electric Software Update system.\n\n\nSchneider Electric\u2019s latest download patches and known vulnerabilities are available here:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page"}], "source": {"advisory": "ICSA-14-058-01", "discovery": "INTERNAL"}, "title": "Schneider Electric Floating License Manager Unquoted Search Path or Element", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-0759", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01"}, {"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01", "refsource": "CONFIRM", "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:19.486Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-0759", "datePublished": "2014-02-28T02:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2025-09-19T18:52:00.207Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:floating_license_manager:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7976E9AC-B3A5-439D-8E0C-90F540A93CF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:floating_license_manager:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2F7F55C-E444-4331-9ECC-F8D92D458AD2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."}, {"lang": "es", "value": "Vulnerabilidad de b\u00fasqueda de ruta en Windows sin entrecomillar en Schneider Electric Floating License Manager 1.0.0 hasta 1.4.0 permite a usuarios locales ganar privilegios a trav\u00e9s de una aplicaci\u00f3n de caballo de troya con un nombre compuesto de una subcadena inicial de una ruta que contiene un caracter de espacio."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/428.html\n\n\"CWE-428: Unquoted Search Path or Element\"", "evaluatorSolution": "Per: http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01\n\n\"This license manager is used in the following Schneider Electric products:\n\n Power Monitoring Expert,\n Struxureware process Expert (PES),\n Struxureware process Expert libraries,\n Vijeo Citect (SCADA), and\n Vijeo Citect Historian.\"", "id": "CVE-2014-0759", "lastModified": "2025-09-19T19:15:36.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-28T06:18:54.260", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}