{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"TLXCDSUOFS33","vendor":"Schneider Electric","versions":[{"status":"affected","version":"V3.35"}]},{"defaultStatus":"unaffected","product":"TLXCDSTOFS33","vendor":"Schneider Electric","versions":[{"status":"affected","version":"V3.35"}]},{"defaultStatus":"unaffected","product":"TLXCDLUOFS33","vendor":"Schneider Electric","versions":[{"status":"affected","version":"V3.35"}]},{"defaultStatus":"unaffected","product":"TLXCDLTOFS33","vendor":"Schneider Electric","versions":[{"status":"affected","version":"V3.35"}]},{"defaultStatus":"unaffected","product":"TLXCDLFOFS33","vendor":"Schneider Electric","versions":[{"status":"affected","version":"V3.35"}]}],"credits":[{"lang":"en","type":"finder","value":"Schneider Electric"}],"datePublic":"2014-02-27T07:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.</p>"}],"value":"Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."}],"metrics":[{"cvssV2_0":{"accessComplexity":"LOW","accessVector":"LOCAL","authentication":"SINGLE","availabilityImpact":"COMPLETE","baseScore":6.8,"confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C","version":"2.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-121","description":"CWE-121","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2025-09-24T21:10:10.144Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02"},{"tags":["x_refsource_CONFIRM"],"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"},{"name":"65871","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/65871"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Schneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability.&nbsp;</p><p>Schneider Electric Security Notification SEVD \n2014-031-01,”Vulnerability Disclosure – OPC Factory Server V3.35,” \n<a target=\"_blank\" rel=\"nofollow\" href=\"http://www.downloads.schneider-electric.com/?p_Conf=&amp;p_localesFilter=&amp;p_docTypeFilter=1555899,&amp;p_docTypeGroupFilter=3541958\">http://www.downloads.schneider-electric.com/?p_Conf=&amp;p_localesFilter=&amp;p_docTypeFilter=155589...</a>&nbsp; &nbsp;</p>\n<div>\n<p>The security announcements affecting the OPC Factory Server are available here:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\">http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page</a></p></div>Schneider\n Electric recommends customers to upgrade to OFS v3.4 or later (Version \nv3.5 is currently available). Customers that cannot upgrade are directed\n to remove the demonstration client from affected computers, provided it\n is not required for operations.\n\n<br>"}],"value":"Schneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability. \n\nSchneider Electric Security Notification SEVD \n2014-031-01,”Vulnerability Disclosure – OPC Factory Server V3.35,” \n http://www.downloads.schneider-electric.com/?p_Conf=&p_localesFilter=&p_docTypeFilter=155589... http://www.downloads.schneider-electric.com/    \n\n\n\nThe security announcements affecting the OPC Factory Server are available here:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page \n\n\n\nSchneider\n Electric recommends customers to upgrade to OFS v3.4 or later (Version \nv3.5 is currently available). Customers that cannot upgrade are directed\n to remove the demonstration client from affected computers, provided it\n is not required for operations."}],"source":{"advisory":"ICSA-14-058-02","discovery":"INTERNAL"},"title":"Schneider Electric OFS Stack Buffer Overflow","x_generator":{"engine":"Vulnogram 0.2.0"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2014-0774","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02","refsource":"MISC","url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"},{"name":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01","refsource":"CONFIRM","url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"},{"name":"65871","refsource":"BID","url":"http://www.securityfocus.com/bid/65871"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T09:27:19.467Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"},{"name":"65871","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/65871"}]}]},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2014-0774","datePublished":"2014-02-28T02:00:00.000Z","dateReserved":"2014-01-02T00:00:00.000Z","dateUpdated":"2025-09-24T21:10:10.144Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}