CVE-2014-0779

CWE-119Buffer Overflow3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.7%
top 28.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Schneider Electric ClearscadaSchneider Electric Scada Expert ClearscadaAveva Clearscada
Timeline
PublishedMar 14
Latest updateMay 14

Description

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

CVEListV5schneider_electric/clearscada4 versions+3
NVDaveva/clearscada2010, 2013+1

🔴Vulnerability Details

2
GHSA
GHSA-w3fm-7p4x-vf2h: The PLC driver in ServerMain2022-05-14
CVEList
Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer2014-03-14
CVE-2014-0779 (MEDIUM CVSS 6.8) | The PLC driver in ServerMain.exe in | cvebase.io