Buffer Overflow Vulnerabilities in Schneider Electric OPC Factory Server
CVE-2014-0789

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Opc Factory Server Tlxcdlfofs; Opc Factory Server Tlxcdstofs; Opc Factory Server Tlxcdsuofs; Opc Factory Server Tlxcdltofs
Vendor: CVE Published:; 4 April 2014

Summary

Multiple buffer overflow vulnerabilities exist within the OPC Automation 2.0 Server Object ActiveX control of Schneider Electric's OPC Factory Server. These flaws can be exploited by remote attackers, potentially leading to a denial of service by delivering excessively long arguments to unspecified functions. Affected versions include TLXCDSUOFS33, TLXCDSTOFS33, TLXCDLUOFS33, TLXCDLTOFS33, and TLXCDLFOFS33, all version 3.5 and earlier. Proper mitigation strategies and updates are critical to safeguard against these exploitable vulnerabilities.

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01

x_refsource_MISC

http://www.schneider-electric.com/corporate/en/support/cy...

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 4, 2014
Vulnerability Reserved
Jan 2, 2014