CVE-2014-9200 — Stack-based Buffer Overflow in Electric Canopen Communication Library

CWE-121 — Stack-based Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.5HIGHNVD

EPSS

2.2%

top 15.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Canopen Communication Library Schneider Electric Ethernet IP Communication Library Schneider Electric Modbus Communication Library +8 more

Timeline

PublishedFeb 1

Latest updateMay 17

Description

Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages11 packages

▶CVEListV5schneider_electric/modbus_communication_libraryVersion 2.2.6

▶CVEListV5schneider_electric/canopen_communication_libraryVersion 1.0.2

▶CVEListV5schneider_electric/ethernet_ip_communication_libraryVersion 1.0.0

▶CVEListV5schneider_electric/somove_liteall versions

▶CVEListV5schneider_electric/somoveall versions

🔴Vulnerability Details

GHSA

GHSA-2gx2-9hj7-p6pc: Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbu↗2022-05-17

▶

CVEList

Schneider Electric Device Type Managers (DTMs) Stack-based Buffer Overflow↗2015-02-01

▶