Detections
Analytics

Schneider Electric OPC Factory Server (OFS) 3.35 Buffer Overflow

medium Nessus Network Monitor Plugin ID 720159

Synopsis

Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) allows local users to gain privileges via vectors involving a malformed configuration file.

Description

Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

See Also

http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02,http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01,http://www.securityfocus.com/bid/65871,https://ics-cert.us-cert.gov/advisories/ICSA-14-058-02

Plugin Details

Severity: Medium

ID: 720159

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 2/27/2014

Vulnerability Publication Date: 2/27/2014

Reference Information

CVE: CVE-2014-0774

BID: 65871