Lucene search

[email protected]CVE-2014-9190

HistoryJan 10, 2015 - 2:59 a.m.

CVE-2014-9190

2015-01-1002:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-9190

schneider electric

wonderware

intouch access

buffer overflow

remote code execution

8.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.038 Low

EPSS

Percentile

91.9%

JSON

Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.

CPENameOperatorVersion
schneider-electric:wonderware_intouch_access_anywhere_serverschneider-electric wonderware intouch access anywhere servereq10.6
schneider-electric:wonderware_intouch_access_anywhere_serverschneider-electric wonderware intouch access anywhere servereq11.0

CPE	Name	Operator	Version
schneider-electric:wonderware_intouch_access_anywhere_server	schneider-electric wonderware intouch access anywhere server	eq	10.6
schneider-electric:wonderware_intouch_access_anywhere_server	schneider-electric wonderware intouch access anywhere server	eq	11.0

References

ics-cert.us-cert.gov/advisories/ICSA-15-008-02

wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000104.pdf

8.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.038 Low

EPSS

Percentile

91.9%

JSON

Related for CVE-2014-9190

prion1 cvelist1 ics1