Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
Fixes

Solution

Deployment of the Schneider Electric products using the vulnerable floating license manager are designed to be automatically updated via the Schneider Electric Software Update system. Schneider Electric’s latest download patches and known vulnerabilities are available here: http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page


Workaround

No workaround given by the vendor.

History

Fri, 19 Sep 2025 19:00:00 +0000

Type Values Removed Values Added
Title Schneider Electric Floating License Manager Unquoted Search Path or Element
Weaknesses CWE-428
References

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-09-19T18:52:00.207Z

Reserved: 2014-01-02T00:00:00

Link: CVE-2014-0759

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2014-02-28T06:18:54.260

Modified: 2025-09-19T19:15:36.973

Link: CVE-2014-0759

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.