CVE-2014-0779 - OpenCVE

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aveva	Clearscada

Configuration 1 [-]

OR	cpe:2.3:a:aveva:clearscada:2010:r2::::::
	cpe:2.3:a:aveva:clearscada:2010:r2.1::::::
	cpe:2.3:a:aveva:clearscada:2010:r3::::::
	cpe:2.3:a:aveva:clearscada:2010:r3.1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.1::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.1a::::::
	cpe:2.3:a:aveva:clearscada:2013:r1.2::::::
	cpe:2.3:a:aveva:clearscada:2013:r2::::::

No data.

References

Link	Providers
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2014-03-14T10:00:00

Updated: 2024-08-06T09:27:19.515Z

Reserved: 2014-01-02T00:00:00

Link: CVE-2014-0779

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-03-14T10:55:05.803

Modified: 2018-12-31T14:23:16.887

Link: CVE-2014-0779

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-13T00:00:00", "descriptions": [{"lang": "en", "value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-14T05:57:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"}, {"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-0779", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01", "refsource": "CONFIRM", "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"}, {"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:19.515Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-0779", "datePublished": "2014-03-14T10:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2024-08-06T09:27:19.515Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aveva:clearscada:2010:r2:*:*:*:*:*:*", "matchCriteriaId": "0A01B1BA-9515-40F7-A3CF-83D387868470", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:clearscada:2010:r2.1:*:*:*:*:*:*", "matchCriteriaId": "EAC05F7C-4F5B-4045-ACFD-1239AEAED3C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3:*:*:*:*:*:*", "matchCriteriaId": "AAD213FA-E444-4DDB-B593-CC79C45D92F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:clearscada:2010:r3.1:*:*:*:*:*:*", "matchCriteriaId": "E4FBC203-019A-4DE0-97ED-F0A4872B4E55", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1:*:*:*:*:*:*", "matchCriteriaId": "0733DE5C-D168-4A2B-996F-E2BE671FB4C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1:*:*:*:*:*:*", "matchCriteriaId": "9A22FFBF-1EAF-478B-A8F4-5EDBDCAE8F41", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.1a:*:*:*:*:*:*", "matchCriteriaId": "64BF21B8-F98E-46C5-A1AC-FE7DBD45D80F", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r1.2:*:*:*:*:*:*", "matchCriteriaId": "A2115F6A-1689-4121-99FA-5821C78BA394", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:clearscada:2013:r2:*:*:*:*:*:*", "matchCriteriaId": "D2F240E9-4C6F-4257-9F20-456B736569CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file)."}, {"lang": "es", "value": "El controlador PLC en ServerMain.exe en el componente Kepware KepServerEX 4 en Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955 y 2013 R2 build 74.5094 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo OPF manipulado (tambi\u00e9n conocido como archivo de proyecto)."}], "id": "CVE-2014-0779", "lastModified": "2018-12-31T14:23:16.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-03-14T10:55:05.803", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}