Schneider-Electric Opc Factory Server vulnerabilities
5 known vulnerabilities affecting schneider-electric/opc_factory_server.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-2161MEDIUMCVSS 5.5fixed in 3.63v3.632023-05-16
CVE-2023-2161 [MEDIUM] CWE-611 CVE-2023-2161:
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could ca
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could cause unauthorized read access to the file system when a malicious configuration file is
loaded on to the software by a local user.
nvd
CVE-2015-1014HIGHCVSS 7.3v3.52019-03-25
CVE-2015-1014 [HIGH] CWE-427 CVE-2015-1014: A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the a
nvd
CVE-2013-0662CRITICALCVSS 9.3PoC≤ 3.5.0v3.34+1 more2014-04-01
CVE-2013-0662 [CRITICAL] CWE-787 CVE-2013-0662: Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
nvd
CVE-2014-0774MEDIUMCVSS 6.9v3.352014-02-28
CVE-2014-0774 [MEDIUM] CWE-121 CVE-2014-0774: Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS)
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
nvd
CVE-2011-3330HIGHCVSS 7.2≤ 3.342011-11-04
CVE-2011-3330 [HIGH] CWE-119 CVE-2011-3330: Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 an
Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an uns
nvd