{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TLXCDSUOFS33", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "V3.35"}]}, {"defaultStatus": "unaffected", "product": "TLXCDSTOFS33", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "V3.35"}]}, {"defaultStatus": "unaffected", "product": "TLXCDLUOFS33", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "V3.35"}]}, {"defaultStatus": "unaffected", "product": "TLXCDLTOFS33", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "V3.35"}]}, {"defaultStatus": "unaffected", "product": "TLXCDLFOFS33", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "V3.35"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Schneider Electric"}], "datePublic": "2014-02-27T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.</p>"}], "value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-24T21:10:10.144Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"}, {"name": "65871", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65871"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Schneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability.&nbsp;</p><p>Schneider Electric Security Notification SEVD \n2014-031-01,\u201dVulnerability Disclosure \u2013 OPC Factory Server V3.35,\u201d \n<a target=\"_blank\" rel=\"nofollow\" href=\"http://www.downloads.schneider-electric.com/?p_Conf=&amp;p_localesFilter=&amp;p_docTypeFilter=1555899,&amp;p_docTypeGroupFilter=3541958\">http://www.downloads.schneider-electric.com/?p_Conf=&amp;p_localesFilter=&amp;p_docTypeFilter=155589...</a>&nbsp; &nbsp;</p>\n<div>\n<p>The security announcements affecting the OPC Factory Server are available here:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\">http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page</a></p></div>Schneider\n Electric recommends customers to upgrade to OFS v3.4 or later (Version \nv3.5 is currently available). Customers that cannot upgrade are directed\n to remove the demonstration client from affected computers, provided it\n is not required for operations.\n\n<br>"}], "value": "Schneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability.\u00a0\n\nSchneider Electric Security Notification SEVD \n2014-031-01,\u201dVulnerability Disclosure \u2013 OPC Factory Server V3.35,\u201d \n http://www.downloads.schneider-electric.com/?p_Conf=&p_localesFilter=&p_docTypeFilter=155589... http://www.downloads.schneider-electric.com/ \u00a0 \u00a0\n\n\n\nThe security announcements affecting the OPC Factory Server are available here:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page \n\n\n\nSchneider\n Electric recommends customers to upgrade to OFS v3.4 or later (Version \nv3.5 is currently available). Customers that cannot upgrade are directed\n to remove the demonstration client from affected computers, provided it\n is not required for operations."}], "source": {"advisory": "ICSA-14-058-02", "discovery": "INTERNAL"}, "title": "Schneider Electric OFS Stack Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-0774", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"}, {"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01", "refsource": "CONFIRM", "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"}, {"name": "65871", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65871"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:19.467Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"}, {"name": "65871", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65871"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-0774", "datePublished": "2014-02-28T02:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2025-09-24T21:10:10.144Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:ofs_test_client_tlxcdlfofs33:3.35:*:*:*:*:*:*:*", "matchCriteriaId": "36AB0685-A0FE-4465-8C9E-7C633AAE0584", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ofs_test_client_tlxcdltofs33:3.35:*:*:*:*:*:*:*", "matchCriteriaId": "16B1D3C2-7A1B-403F-A2BE-01BAC2C01E74", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ofs_test_client_tlxcdluofs33:3.35:*:*:*:*:*:*:*", "matchCriteriaId": "6B58EF88-D1BC-4858-A3DA-505D72EE46E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ofs_test_client_tlxcdstofs33:3.35:*:*:*:*:*:*:*", "matchCriteriaId": "06B8043C-3542-4B8F-82BE-E1E8A8E067F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ofs_test_client_tlxcdsuofs33:3.35:*:*:*:*:*:*:*", "matchCriteriaId": "1EF80DC0-7948-4E95-B090-14CC482B9DE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:opc_factory_server:3.35:*:*:*:*:*:*:*", "matchCriteriaId": "F8874360-6B9A-40C3-A95F-8FD18F73244D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en el cliente C++ de ejemplo en Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35 y TLXCDLFOFS33 - 3.35 permite a usuarios locales ganar privilegios a trav\u00e9s de vectores involucrando un archivo de configuraci\u00f3n malformado."}], "id": "CVE-2014-0774", "lastModified": "2025-09-24T22:15:34.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": true}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-02-28T06:18:54.277", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://www.securityfocus.com/bid/65871"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65871"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}