Find a vulnerability
Search criteria
450 vulnerabilities by Schneider
VAR-201409-0722
Vulnerability from variot - Updated: 2025-11-19 23:15Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA WEB interface that allows an attacker to exploit a vulnerability to construct a malicious URI, to induce user resolution, and to perform system management operations. Scada Expert Clearscada is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0722",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "clearscada",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2.1 (build 74.5192)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "electric clearscada r3 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201072.4560)"
},
{
"model": "electric clearscada r3.1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201072.4644)"
},
{
"model": "electric scada expert clearscada r1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4729)"
},
{
"model": "electric scada expert clearscada r1.1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4832)"
},
{
"model": "electric scada expert clearscada r1.1a (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4903)"
},
{
"model": "electric scada expert clearscada r1.2 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201373.4955)"
},
{
"model": "electric scada expert clearscada r2 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201374.5094)"
},
{
"model": "electric scada expert clearscada r2.1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201374.5192)"
},
{
"model": "electric scada expert clearscada r1 (build",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "201475.5210)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada expert clearscada",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada expert clearscada",
"version": "2014"
},
{
"model": "scada expert clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "scada expert clearscada r2.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.1a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "scada expert clearscada r1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": "clearscada r3.1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "clearscada r3",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2010"
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:clearscada",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "80073"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5411",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2014-5411",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2014-5411",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-06196",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-73352",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-5411",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5411",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2014-5411",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-06196",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-656",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-73352",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA WEB interface that allows an attacker to exploit a vulnerability to construct a malicious URI, to induce user resolution, and to perform system management operations. Scada Expert Clearscada is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5411"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73352"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5411",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2014-06196",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01A",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "111238",
"trust": 0.6
},
{
"db": "BID",
"id": "80073",
"trust": 0.4
},
{
"db": "IVD",
"id": "770608EC-1EB9-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "DCDEEBB0-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73352",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"id": "VAR-201409-0722",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
}
],
"trust": 2.0027777833333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
}
]
},
"last_update_date": "2025-11-19T23:15:03.200000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
},
{
"title": "Patch for Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/50244"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5411"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2014/icsa-14-259-01a.json"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5411"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/111238"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"db": "VULHUB",
"id": "VHN-73352"
},
{
"db": "BID",
"id": "80073"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-23T00:00:00",
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-23T00:00:00",
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73352"
},
{
"date": "2014-09-18T00:00:00",
"db": "BID",
"id": "80073"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-656"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"date": "2014-09-18T10:55:11.640000",
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06196"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-73352"
},
{
"date": "2014-09-18T00:00:00",
"db": "BID",
"id": "80073"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-656"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004282"
},
{
"date": "2025-11-04T23:15:33.223000",
"db": "NVD",
"id": "CVE-2014-5411"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06196"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-656"
}
],
"trust": 0.6
}
}
VAR-201409-0724
Vulnerability from variot - Updated: 2025-11-19 23:15Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote unknown vulnerability that allows an attacker to exploit the vulnerability to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure. There is an encryption issue vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 to 2014 R1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0724",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2.1 (build 74.5192)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "electric clearscada r3-2014 r1",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2014"
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:clearscada",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya Sood",
"sources": [
{
"db": "BID",
"id": "69842"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5413",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5413",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5413",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-5413",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06121",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-73354",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-5413",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5413",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5413",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-06121",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-658",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73354",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote unknown vulnerability that allows an attacker to exploit the vulnerability to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure. There is an encryption issue vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 to 2014 R1",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73354"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5413",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01",
"trust": 2.5
},
{
"db": "BID",
"id": "69842",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01A",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06121",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284",
"trust": 0.8
},
{
"db": "IVD",
"id": "DCFE0734-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73354",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"id": "VAR-201409-0724",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
}
]
},
"last_update_date": "2025-11-19T23:15:03.156000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
},
{
"title": "Schneider Electric ClearSCADA has patches for remote unknown vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/50145"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2014/icsa-14-259-01a.json"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5413"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5413"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"db": "VULHUB",
"id": "VHN-73354"
},
{
"db": "BID",
"id": "69842"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-22T00:00:00",
"db": "IVD",
"id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73354"
},
{
"date": "2014-09-16T00:00:00",
"db": "BID",
"id": "69842"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"date": "2014-09-18T10:55:11.733000",
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06121"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-73354"
},
{
"date": "2014-10-08T07:00:00",
"db": "BID",
"id": "69842"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-658"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004284"
},
{
"date": "2025-11-04T23:15:33.543000",
"db": "NVD",
"id": "CVE-2014-5413"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Vulnerable to server impersonation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-658"
}
],
"trust": 0.6
}
}
VAR-201409-0723
Vulnerability from variot - Updated: 2025-11-18 15:15Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that allows an attacker to exploit this vulnerability to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0723",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2.1 (build 74.5192)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r1 (build 75.5210)"
},
{
"model": "electric clearscada",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada expert clearscada",
"version": "2014"
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:clearscada",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CERT",
"sources": [
{
"db": "BID",
"id": "69840"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5412",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5412",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5412",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06087",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-73353",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-5412",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5412",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5412",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-06087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-657",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73353",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that allows an attacker to exploit this vulnerability to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5412"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73353"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5412",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-259-01A",
"trust": 1.3
},
{
"db": "BID",
"id": "69840",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06087",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283",
"trust": 0.8
},
{
"db": "IVD",
"id": "DCF002D8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73353",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"id": "VAR-201409-0723",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
}
]
},
"last_update_date": "2025-11-18T15:15:10.874000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "StruxureWare SCADA Expert ClearSCADA",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
},
{
"problemtype": "CWE-287",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2014/icsa-14-259-01a.json"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5412"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5412"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69840"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/products/ww/en/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01a"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"db": "VULHUB",
"id": "VHN-73353"
},
{
"db": "BID",
"id": "69840"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-19T00:00:00",
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73353"
},
{
"date": "2014-09-16T00:00:00",
"db": "BID",
"id": "69840"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-657"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"date": "2014-09-18T10:55:11.687000",
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06087"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-73353"
},
{
"date": "2015-03-19T08:46:00",
"db": "BID",
"id": "69840"
},
{
"date": "2014-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-657"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004283"
},
{
"date": "2025-11-04T23:15:33.393000",
"db": "NVD",
"id": "CVE-2014-5412"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Remote Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-657"
}
],
"trust": 0.6
}
}
VAR-201905-1044
Vulnerability from variot - Updated: 2025-11-18 15:14A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. U.motionBuilder is a generator product from Schneider Electric of France. A security vulnerability exists in SchneiderElectricU.MotionBuildertrack_import_export.phpobject_id. The vulnerability is due to an application failing to properly validate and filter this parameter, and an attacker could exploit the vulnerability to insert arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "u.motion builder",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.3.4"
},
{
"model": "u.motion builder software",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "1.3.4"
},
{
"model": "electric u.motion builder",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=1.3.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "u motion builder",
"version": "1.3.4"
}
],
"sources": [
{
"db": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
},
{
"db": "CNVD",
"id": "CNVD-2019-14275"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015483"
},
{
"db": "NVD",
"id": "CVE-2018-7841"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:u.motion_builder",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015483"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Julien Ahrens",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-612"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7841",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7841",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-14275",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7841",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7841",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7841",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2018-7841",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7841",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-14275",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-612",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-7841",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
},
{
"db": "CNVD",
"id": "CNVD-2019-14275"
},
{
"db": "VULMON",
"id": "CVE-2018-7841"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-612"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015483"
},
{
"db": "NVD",
"id": "CVE-2018-7841"
},
{
"db": "NVD",
"id": "CVE-2018-7841"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. U.motionBuilder is a generator product from Schneider Electric of France. A security vulnerability exists in SchneiderElectricU.MotionBuildertrack_import_export.phpobject_id. The vulnerability is due to an application failing to properly validate and filter this parameter, and an attacker could exploit the vulnerability to insert arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7841"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015483"
},
{
"db": "CNVD",
"id": "CNVD-2019-14275"
},
{
"db": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
},
{
"db": "VULMON",
"id": "CVE-2018-7841"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=46846",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7841"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7841",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "152862",
"trust": 1.7
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-071-02",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2019-14275",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-612",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015483",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "46846",
"trust": 0.7
},
{
"db": "IVD",
"id": "AB58DACE-BEC4-420E-BB16-B855CCECEBC0",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2018-7841",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
},
{
"db": "CNVD",
"id": "CNVD-2019-14275"
},
{
"db": "VULMON",
"id": "CVE-2018-7841"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-612"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015483"
},
{
"db": "NVD",
"id": "CVE-2018-7841"
}
]
},
"id": "VAR-201905-1044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
},
{
"db": "CNVD",
"id": "CNVD-2019-14275"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
},
{
"db": "CNVD",
"id": "CNVD-2019-14275"
}
]
},
"last_update_date": "2025-11-18T15:14:19.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-071-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-071-02/"
},
{
"title": "advisories",
"trust": 0.1,
"url": "https://github.com/MrTuxracer/advisories "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7841"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015483"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015483"
},
{
"db": "NVD",
"id": "CVE-2018-7841"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2019/may/26"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/152862/schneider-electric-u.motion-builder-1.3.4-command-injection.html"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-071-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7841"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2018-7841"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7841"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/46846"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14275"
},
{
"db": "VULMON",
"id": "CVE-2018-7841"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-612"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015483"
},
{
"db": "NVD",
"id": "CVE-2018-7841"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
},
{
"db": "CNVD",
"id": "CNVD-2019-14275"
},
{
"db": "VULMON",
"id": "CVE-2018-7841"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-612"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015483"
},
{
"db": "NVD",
"id": "CVE-2018-7841"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-15T00:00:00",
"db": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
},
{
"date": "2019-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14275"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7841"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-612"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015483"
},
{
"date": "2019-05-22T20:29:01.480000",
"db": "NVD",
"id": "CVE-2018-7841"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14275"
},
{
"date": "2019-05-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7841"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-612"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015483"
},
{
"date": "2025-11-03T18:59:49.653000",
"db": "NVD",
"id": "CVE-2018-7841"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-612"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric U.Motion Builder track_import_export.php object_id Unverified command injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
},
{
"db": "CNVD",
"id": "CNVD-2019-14275"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-612"
}
],
"trust": 0.8
}
}
VAR-201409-0721
Vulnerability from variot - Updated: 2025-11-18 15:07Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. Schneider Electric VAMPSET is a free device management software for parameter setting and configuration relaying of VAMP relay protection. Schneider Electric VAMPSET has a local stack buffer overflow vulnerability that fails to properly check for user-entered data as it is copied to the buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application. Failed exploit attempts will result in a denial-of-service condition. VAMPSET 2.2.136 and prior versions are vulnerable. Schneider Electric VAMPSET is a set of software deployed in the energy industry by the French company Schneider Electric to configure and maintain multiple relays and arc monitors
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0721",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vampset",
"scope": "lte",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.2.136"
},
{
"model": "electric vampset",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=2.2.136"
},
{
"model": "vampset",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.2.136"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vampset",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06017"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004190"
},
{
"db": "NVD",
"id": "CVE-2014-5407"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:vampset",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004190"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aivar Liimets of Martem AS",
"sources": [
{
"db": "BID",
"id": "69764"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5407",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2014-5407",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 2.7,
"id": "CVE-2014-5407",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CNVD-2014-06017",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-73348",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-5407",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5407",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5407",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-06017",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-523",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73348",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06017"
},
{
"db": "VULHUB",
"id": "VHN-73348"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004190"
},
{
"db": "NVD",
"id": "CVE-2014-5407"
},
{
"db": "NVD",
"id": "CVE-2014-5407"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. Schneider Electric VAMPSET is a free device management software for parameter setting and configuration relaying of VAMP relay protection. Schneider Electric VAMPSET has a local stack buffer overflow vulnerability that fails to properly check for user-entered data as it is copied to the buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application. Failed exploit attempts will result in a denial-of-service condition. \nVAMPSET 2.2.136 and prior versions are vulnerable. Schneider Electric VAMPSET is a set of software deployed in the energy industry by the French company Schneider Electric to configure and maintain multiple relays and arc monitors",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5407"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004190"
},
{
"db": "CNVD",
"id": "CNVD-2014-06017"
},
{
"db": "BID",
"id": "69764"
},
{
"db": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73348"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5407",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-254-01",
"trust": 2.8
},
{
"db": "BID",
"id": "69764",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201409-523",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06017",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004190",
"trust": 0.8
},
{
"db": "IVD",
"id": "DCE1BF8E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73348",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06017"
},
{
"db": "VULHUB",
"id": "VHN-73348"
},
{
"db": "BID",
"id": "69764"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004190"
},
{
"db": "NVD",
"id": "CVE-2014-5407"
}
]
},
"id": "VAR-201409-0721",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06017"
},
{
"db": "VULHUB",
"id": "VHN-73348"
}
],
"trust": 1.721428565
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06017"
}
]
},
"last_update_date": "2025-11-18T15:07:13.689000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vamp Software",
"trust": 0.8,
"url": "http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/"
},
{
"title": "Schneider Electric VAMPSET Local Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/50100"
},
{
"title": "VAMP 50 default setting for VAMPSET",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51646"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06017"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004190"
},
{
"db": "NVD",
"id": "CVE-2014-5407"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-254-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5407"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-254-01"
},
{
"trust": 1.0,
"url": "http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2014/icsa-14-254-01.json"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5407"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69764"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06017"
},
{
"db": "VULHUB",
"id": "VHN-73348"
},
{
"db": "BID",
"id": "69764"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004190"
},
{
"db": "NVD",
"id": "CVE-2014-5407"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06017"
},
{
"db": "VULHUB",
"id": "VHN-73348"
},
{
"db": "BID",
"id": "69764"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004190"
},
{
"db": "NVD",
"id": "CVE-2014-5407"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06017"
},
{
"date": "2014-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-73348"
},
{
"date": "2014-09-11T00:00:00",
"db": "BID",
"id": "69764"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-523"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004190"
},
{
"date": "2014-09-15T14:55:11.697000",
"db": "NVD",
"id": "CVE-2014-5407"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06017"
},
{
"date": "2014-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-73348"
},
{
"date": "2015-03-19T08:44:00",
"db": "BID",
"id": "69764"
},
{
"date": "2014-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-523"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004190"
},
{
"date": "2025-11-03T19:15:38.683000",
"db": "NVD",
"id": "CVE-2014-5407"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "69764"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-523"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric VAMPSET Local Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06017"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-523"
}
],
"trust": 0.8
}
}
VAR-202506-0483
Vulnerability from variot - Updated: 2025-10-07 22:57CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France.
Schneider Electric EVLink WallBox has an operating system command injection vulnerability. Attackers can exploit this vulnerability to remotely control the charging station
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0483",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric evlink wallbox",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15347"
}
]
},
"cve": "CVE-2025-5743",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.4,
"id": "CNVD-2025-15347",
"impactScore": 7.8,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2025-5743",
"impactScore": 4.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-5743",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-15347",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15347"
},
{
"db": "NVD",
"id": "CVE-2025-5743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\nvulnerability exists that could cause remote control over the charging station when an authenticated user\nmodifies configuration parameters on the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. \n\nSchneider Electric EVLink WallBox has an operating system command injection vulnerability. Attackers can exploit this vulnerability to remotely control the charging station",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-5743"
},
{
"db": "CNVD",
"id": "CNVD-2025-15347"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-5743",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-161-03",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2025-15347",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15347"
},
{
"db": "NVD",
"id": "CVE-2025-5743"
}
]
},
"id": "VAR-202506-0483",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15347"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15347"
}
]
},
"last_update_date": "2025-10-07T22:57:56.359000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric EVLink WallBox OS Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706306"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15347"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-5743"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-03.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-5743"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15347"
},
{
"db": "NVD",
"id": "CVE-2025-5743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15347"
},
{
"db": "NVD",
"id": "CVE-2025-5743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15347"
},
{
"date": "2025-06-10T09:15:25.703000",
"db": "NVD",
"id": "CVE-2025-5743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15347"
},
{
"date": "2025-10-07T04:16:18.733000",
"db": "NVD",
"id": "CVE-2025-5743"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric EVLink WallBox OS Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15347"
}
],
"trust": 0.6
}
}
VAR-202506-0485
Vulnerability from variot - Updated: 2025-10-07 22:57CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France.
Schneider Electric EVLink WallBox has a path traversal vulnerability, which is caused by improper path name restriction
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0485",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric evlink wallbox",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15348"
}
]
},
"cve": "CVE-2025-5740",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2025-15348",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2025-5740",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-5740",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-15348",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15348"
},
{
"db": "NVD",
"id": "CVE-2025-5740"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. \n\nSchneider Electric EVLink WallBox has a path traversal vulnerability, which is caused by improper path name restriction",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-5740"
},
{
"db": "CNVD",
"id": "CNVD-2025-15348"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-5740",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-161-03",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2025-15348",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15348"
},
{
"db": "NVD",
"id": "CVE-2025-5740"
}
]
},
"id": "VAR-202506-0485",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15348"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15348"
}
]
},
"last_update_date": "2025-10-07T22:57:56.343000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric EVLink WallBox Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706291"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15348"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-5740"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-03.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-5740"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15348"
},
{
"db": "NVD",
"id": "CVE-2025-5740"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15348"
},
{
"db": "NVD",
"id": "CVE-2025-5740"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15348"
},
{
"date": "2025-06-10T09:15:25.093000",
"db": "NVD",
"id": "CVE-2025-5740"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15348"
},
{
"date": "2025-10-07T04:16:18.470000",
"db": "NVD",
"id": "CVE-2025-5740"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric EVLink WallBox Path Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15348"
}
],
"trust": 0.6
}
}
VAR-201404-0553
Vulnerability from variot - Updated: 2025-09-26 23:41Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Zone overflow vulnerability. Allowing a remote attacker to cause a denial of service through the \342\200\230long\342\200\231 parameter. Multiple Schneider Electric Products are prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input. Attackers can exploit this issue to cause a denial-of-service condition. The following products are vulnerable: TLXCDSUOFS33 3.5 and prior TLXCDSTOFS33 3.5 and prior TLXCDLUOFS33 3.5 and prior TLXCDLTOFS33 3.5 and prior TLXCDLFOFS33 3.5 and prior. The application features easy integration, custom interface and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0553",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opc factory server tlxcdstofs",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "opc factory server tlxcdluofs",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "opc factory server tlxcdlfofs",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "opc factory server tlxcdltofs",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "opc factory server tlxcdsuofs",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "tlxcdlfofs",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "33 - v3.5"
},
{
"model": "tlxcdltofs",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "33 - v3.5"
},
{
"model": "tlxcdluofs",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "33 - v3.5"
},
{
"model": "tlxcdstofs",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "33 - v3.5"
},
{
"model": "tlxcdsuofs",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "33 - v3.5"
},
{
"model": "electric tlxcdsuofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.5"
},
{
"model": "electric tlxcdstofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.5"
},
{
"model": "electric tlxcdluofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.5"
},
{
"model": "electric tlxcdlfofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.5"
},
{
"model": "opc factory server tlxcdluofs",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "opc factory server tlxcdstofs",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "opc factory server tlxcdlfofs",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "opc factory server tlxcdsuofs",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "opc factory server tlxcdltofs",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "opc factory server tlxcdsuofs33",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.5"
},
{
"model": "opc factory server tlxcdstofs33",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.5"
},
{
"model": "opc factory server tlxcdluofs33",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.5"
},
{
"model": "opc factory server tlxcdltofs33",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.5"
},
{
"model": "opc factory server tlxcdlfofs33",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.5"
},
{
"model": "opc factory server sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server tlxcdlfofs",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server tlxcdltofs",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server tlxcdluofs",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server tlxcdstofs",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server tlxcdsuofs",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02181"
},
{
"db": "BID",
"id": "66643"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-058"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001905"
},
{
"db": "NVD",
"id": "CVE-2014-0789"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:opc_factory_server_tlxcdlfofs",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:opc_factory_server_tlxcdltofs",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:opc_factory_server_tlxcdluofs",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:opc_factory_server_tlxcdstofs",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:opc_factory_server_tlxcdsuofs",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001905"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wei Gao",
"sources": [
{
"db": "BID",
"id": "66643"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0789",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0789",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0789",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-02181",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-68282",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-0789",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0789",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0789",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-02181",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-058",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-68282",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02181"
},
{
"db": "VULHUB",
"id": "VHN-68282"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-058"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001905"
},
{
"db": "NVD",
"id": "CVE-2014-0789"
},
{
"db": "NVD",
"id": "CVE-2014-0789"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Zone overflow vulnerability. Allowing a remote attacker to cause a denial of service through the \\342\\200\\230long\\342\\200\\231 parameter. Multiple Schneider Electric Products are prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input. \nAttackers can exploit this issue to cause a denial-of-service condition. \nThe following products are vulnerable:\nTLXCDSUOFS33 3.5 and prior\nTLXCDSTOFS33 3.5 and prior\nTLXCDLUOFS33 3.5 and prior\nTLXCDLTOFS33 3.5 and prior\nTLXCDLFOFS33 3.5 and prior. The application features easy integration, custom interface and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0789"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001905"
},
{
"db": "CNVD",
"id": "CNVD-2014-02181"
},
{
"db": "BID",
"id": "66643"
},
{
"db": "IVD",
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68282"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0789",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-093-01",
"trust": 2.8
},
{
"db": "BID",
"id": "66643",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201404-058",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-02181",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001905",
"trust": 0.8
},
{
"db": "IVD",
"id": "1AB16A62-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68282",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02181"
},
{
"db": "VULHUB",
"id": "VHN-68282"
},
{
"db": "BID",
"id": "66643"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-058"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001905"
},
{
"db": "NVD",
"id": "CVE-2014-0789"
}
]
},
"id": "VAR-201404-0553",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02181"
},
{
"db": "VULHUB",
"id": "VHN-68282"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02181"
}
]
},
"last_update_date": "2025-09-26T23:41:12.986000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vulnerability Disclosure - OPC Factory Server Buffer Overflow (SEVD 2014-084-01)",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-084-01"
},
{
"title": "Cybersecurity News",
"trust": 0.8,
"url": "http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml"
},
{
"title": "Patch for multiple Schneider Electric product heap buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/44691"
},
{
"title": "OFS_CD2906_V350_SP1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49093"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02181"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-058"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001905"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68282"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001905"
},
{
"db": "NVD",
"id": "CVE-2014-0789"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-093-01"
},
{
"trust": 1.7,
"url": "http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/content/news/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0789"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-093-01"
},
{
"trust": 1.0,
"url": "http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0789"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/66643"
},
{
"trust": 0.3,
"url": "http://chemical-facility-security-news.blogspot.com/2014/04/yet-another-schneider-advisory-from-ics.html"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.3,
"url": "http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/content/news/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerabil"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02181"
},
{
"db": "VULHUB",
"id": "VHN-68282"
},
{
"db": "BID",
"id": "66643"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-058"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001905"
},
{
"db": "NVD",
"id": "CVE-2014-0789"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02181"
},
{
"db": "VULHUB",
"id": "VHN-68282"
},
{
"db": "BID",
"id": "66643"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-058"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001905"
},
{
"db": "NVD",
"id": "CVE-2014-0789"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-10T00:00:00",
"db": "IVD",
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02181"
},
{
"date": "2014-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-68282"
},
{
"date": "2014-03-25T00:00:00",
"db": "BID",
"id": "66643"
},
{
"date": "2014-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-058"
},
{
"date": "2014-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001905"
},
{
"date": "2014-04-04T15:09:45.917000",
"db": "NVD",
"id": "CVE-2014-0789"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02181"
},
{
"date": "2014-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-68282"
},
{
"date": "2014-03-25T00:00:00",
"db": "BID",
"id": "66643"
},
{
"date": "2014-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-058"
},
{
"date": "2014-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001905"
},
{
"date": "2025-09-25T18:15:36.177000",
"db": "NVD",
"id": "CVE-2014-0789"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric OPC Factory Server Product buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001905"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-058"
}
],
"trust": 0.8
}
}
VAR-201402-0350
Vulnerability from variot - Updated: 2025-09-25 23:24Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file.The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric OPC Factory Server (OFS) is a set of data communication editing software of French Schneider Electric (Schneider Electric). The software supports important information access, open page design, transparent architecture and interoperability, etc., enabling users to obtain good process and communication effects. The following versions are affected: Schneider Electric OFS TLXCDSUOFS33 - version 3.35, TLXCDSTOFS33 - version 3.35, TLXCDLUOFS33 - version 3.35, TLXCDLTOFS33 - version 3.35, TLXCDLFOFS33 - version 3.35
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "opc factory server",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdsuofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdstofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdlfofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdltofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "ofs test client tlxcdluofs33",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdlfofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdltofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdluofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdstofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "tlxcdsuofs33",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.35"
},
{
"_id": null,
"model": "opc factory server",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"_id": null,
"model": "electric opc factory server",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdlfofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdltofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdluofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdstofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": "electric ofs test client tlxcdsuofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdlfofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdltofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdluofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdstofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ofs test client tlxcdsuofs33",
"version": "3.35"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server",
"version": "3.35"
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:opc_factory_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdlfofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdltofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdluofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdstofs33",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdsuofs33",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
}
]
},
"credits": {
"_id": null,
"data": "0x7A240E67",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-054"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0774",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2014-0774",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CVE-2014-0774",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2014-01433",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-68267",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-0774",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0774",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0774",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2014-0774",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01433",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-480",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68267",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"description": {
"_id": null,
"data": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file.The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric OPC Factory Server (OFS) is a set of data communication editing software of French Schneider Electric (Schneider Electric). The software supports important information access, open page design, transparent architecture and interoperability, etc., enabling users to obtain good process and communication effects. The following versions are affected: Schneider Electric OFS TLXCDSUOFS33 - version 3.35, TLXCDSTOFS33 - version 3.35, TLXCDLUOFS33 - version 3.35, TLXCDLTOFS33 - version 3.35, TLXCDLFOFS33 - version 3.35",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "BID",
"id": "65871"
},
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68267"
}
],
"trust": 3.33
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0774",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-058-02",
"trust": 2.5
},
{
"db": "BID",
"id": "65871",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-01433",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1881",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-054",
"trust": 0.7
},
{
"db": "IVD",
"id": "301BDA5E-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68267",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "BID",
"id": "65871"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"id": "VAR-201402-0350",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
}
],
"trust": 1.7333333333333334
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
}
]
},
"last_update_date": "2025-09-25T23:24:13.357000Z",
"patch": {
"_id": null,
"data": [
{
"title": "SEVD 2014-031-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"title": "Patch for Schneider Electric OPC Factory Server Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/44015"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.2,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-058-02"
},
{
"trust": 2.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd%202014-031-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0774"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65871"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0774"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-054"
},
{
"db": "CNVD",
"id": "CNVD-2014-01433"
},
{
"db": "VULHUB",
"id": "VHN-68267"
},
{
"db": "BID",
"id": "65871"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
},
{
"db": "NVD",
"id": "CVE-2014-0774"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-054",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-01433",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-68267",
"ident": null
},
{
"db": "BID",
"id": "65871",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0774",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-03-05T00:00:00",
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-054",
"ident": null
},
{
"date": "2014-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01433",
"ident": null
},
{
"date": "2014-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68267",
"ident": null
},
{
"date": "2014-02-27T00:00:00",
"db": "BID",
"id": "65871",
"ident": null
},
{
"date": "2014-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-480",
"ident": null
},
{
"date": "2014-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"ident": null
},
{
"date": "2014-02-28T06:18:54.277000",
"db": "NVD",
"id": "CVE-2014-0774",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-054",
"ident": null
},
{
"date": "2014-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01433",
"ident": null
},
{
"date": "2015-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-68267",
"ident": null
},
{
"date": "2014-08-01T00:02:00",
"db": "BID",
"id": "65871",
"ident": null
},
{
"date": "2014-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-480",
"ident": null
},
{
"date": "2014-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001524",
"ident": null
},
{
"date": "2025-09-24T22:15:34.533000",
"db": "NVD",
"id": "CVE-2014-0774",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "BID",
"id": "65871"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Schneider Electric OPC Factory Server of C++ Sample client stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001524"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "301bda5e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-480"
}
],
"trust": 0.8
}
}
VAR-201403-0444
Vulnerability from variot - Updated: 2025-09-25 23:18The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \"PLC Driver\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0444",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "eq",
"trust": 1.6,
"vendor": "aveva",
"version": "2013"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "clearscada",
"version": "2013"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "clearscada",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r2 (build 71.4165)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r2.1 (build 71.4325)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3 (build 72.4560)"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2010 r3.1 (build 72.4644)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1 (build 73.4729)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1 (build 73.4832)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.1a (build 73.4903)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r1.2 (build 73.4955)"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2013 r2 (build 74.5094)"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2013"
},
{
"model": "electric clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2010"
},
{
"model": "scada expert clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2013"
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:clearscada",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Brooks",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "BID",
"id": "65476"
}
],
"trust": 1.0
},
"cve": "CVE-2014-0779",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-0779",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 3.5,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-01024",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "285fdc02-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-68272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-0779",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0779",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0779",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2014-0779",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01024",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-250",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68272",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \\\"PLC Driver\\\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0779"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68272"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0779",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-072-01",
"trust": 2.5
},
{
"db": "BID",
"id": "65476",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-01024",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1876",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-059",
"trust": 0.7
},
{
"db": "IVD",
"id": "285FDC02-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68272",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"id": "VAR-201403-0444",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
}
]
},
"last_update_date": "2025-09-25T23:18:43.147000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD 2014-024-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-072-01"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-01"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0779"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0779"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/65476"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"db": "VULHUB",
"id": "VHN-68272"
},
{
"db": "BID",
"id": "65476"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"date": "2014-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-68272"
},
{
"date": "2014-01-24T00:00:00",
"db": "BID",
"id": "65476"
},
{
"date": "2014-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-250"
},
{
"date": "2014-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"date": "2014-03-14T10:55:05.803000",
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-059"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01024"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-68272"
},
{
"date": "2015-03-19T09:33:00",
"db": "BID",
"id": "65476"
},
{
"date": "2014-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-250"
},
{
"date": "2014-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001653"
},
{
"date": "2025-09-24T22:15:35.147000",
"db": "NVD",
"id": "CVE-2014-0779"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA of Kepware KepServerEX 4 Component ServerMain.exe Inside PLC Service disruption in drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001653"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "285fdc02-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-250"
}
],
"trust": 0.8
}
}
VAR-201402-0349
Vulnerability from variot - Updated: 2025-09-20 23:07Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Attackers can leverage this issue to gain escalated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0349",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "floating license manager",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "1.0.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "1.4.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "1.0.0 to 1.4.0"
},
{
"model": "electric floating license manager",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "1.0.0-1.4.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.4"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.3"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.2"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "floating license manager",
"version": "1.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "floating license manager",
"version": "1.4.0"
}
],
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "BID",
"id": "65873"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:floating_license_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "65873"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0759",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2014-0759",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 2.9,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2014-01407",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "302331f0-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-68252",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-0759",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0759",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0759",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-01407",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-479",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68252",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-0759",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULHUB",
"id": "VHN-68252"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. \nAttackers can leverage this issue to gain escalated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0759"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "BID",
"id": "65873"
},
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68252"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0759",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-058-01",
"trust": 3.5
},
{
"db": "BID",
"id": "65873",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-01407",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523",
"trust": 0.8
},
{
"db": "IVD",
"id": "302331F0-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68252",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0759",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULHUB",
"id": "VHN-68252"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"db": "BID",
"id": "65873"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
}
]
},
"id": "VAR-201402-0349",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULHUB",
"id": "VHN-68252"
}
],
"trust": 1.4916666699999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
}
]
},
"last_update_date": "2025-09-20T23:07:13.028000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2014-015-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
},
{
"title": "Patch for Schneider Electric Floating License Manager Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/44006"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Ontothecloud/cwe-428 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Ontothecloud/CWE-428 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-058-01"
},
{
"trust": 1.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-015-01"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0759"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0759"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/ontothecloud/cwe-428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULHUB",
"id": "VHN-68252"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"db": "BID",
"id": "65873"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULHUB",
"id": "VHN-68252"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"db": "BID",
"id": "65873"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-04T00:00:00",
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"date": "2014-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68252"
},
{
"date": "2014-02-28T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"date": "2014-02-27T00:00:00",
"db": "BID",
"id": "65873"
},
{
"date": "2014-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-479"
},
{
"date": "2014-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"date": "2014-02-28T06:18:54.260000",
"db": "NVD",
"id": "CVE-2014-0759"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"date": "2014-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68252"
},
{
"date": "2014-02-28T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"date": "2014-02-27T00:00:00",
"db": "BID",
"id": "65873"
},
{
"date": "2014-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-479"
},
{
"date": "2014-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"date": "2025-09-19T19:15:36.973000",
"db": "NVD",
"id": "CVE-2014-0759"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "65873"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Floating License Manager Privilege Escalation Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "BID",
"id": "65873"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
],
"trust": 0.8
}
}
VAR-202406-0502
Vulnerability from variot - Updated: 2025-09-19 23:13CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. Schneider Electric of Modicon M340 firmware, BMXNOE0100 firmware, BMXNOE0110 Firmware contains vulnerabilities related to externally accessible files or directories.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, a French company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-0502",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"cve": "CVE-2024-5056",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-29560",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-5056",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-5056",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-5056",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2024-5056",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-5056",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-29560",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem. Schneider Electric of Modicon M340 firmware, BMXNOE0100 firmware, BMXNOE0110 Firmware contains vulnerabilities related to externally accessible files or directories.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, a French company",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5056"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5056",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2024-163-01",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-25-254-09",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90637001",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-29560",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"id": "VAR-202406-0502",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
],
"trust": 1.5935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
]
},
"last_update_date": "2025-09-19T23:13:14.015000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Modicon M340 Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/563691"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-552",
"trust": 1.0
},
{
"problemtype": "Externally accessible file or directory (CWE-552) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2024-163-01\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2024-163-01.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90637001/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5056"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-09"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"date": "2024-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"date": "2024-06-12T12:15:10.233000",
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"date": "2025-09-16T05:16:00",
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"date": "2024-08-23T16:04:14.643000",
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerabilities related to externally accessible files or directories in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
}
],
"trust": 0.8
}
}
VAR-201502-0244
Vulnerability from variot - Updated: 2025-09-07 23:20Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. The control does not check the length of an attacker-supplied string in the RemoveParameter method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric Unity Pro, etc. are all products of French Schneider Electric (Schneider Electric). Schneider Electric Unity Pro is a set of development software for testing, debugging and managing applications; SoMachine is a set of original equipment manufacturer (OEM) automation platform integrated with Vijeo-Designer (human machine interface HMI development software); SoMove is a Installation software for motor control equipment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0244",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "somachine",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "somove lite",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "unity pro",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "somove",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "somove lite",
"scope": null,
"trust": 1.5,
"vendor": "schneider electric",
"version": null
},
{
"model": "somachine",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "somove",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "unity pro",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric unity pro",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric somachine",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric somove lite",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric somove",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modbus communication library",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=2.2.6"
},
{
"model": "electric canopen communication library",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=1.0.2"
},
{
"model": "electric ethernet/ip communication librar",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=1.0.0"
},
{
"model": "electric xantrex dtms",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric solo dtm",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric advantys dtms",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric em gateway dtm",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somachine",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somove",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somove lite",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "unity pro",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:somachine",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:somove",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:somove_lite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:unity_pro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "BID",
"id": "72335"
}
],
"trust": 1.0
},
"cve": "CVE-2014-9200",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9200",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 3.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00775",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a52677d8-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-77145",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-9200",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9200",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9200",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2014-9200",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-00775",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-005",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-77145",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "VULHUB",
"id": "VHN-77145"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. The control does not check the length of an attacker-supplied string in the RemoveParameter method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric Unity Pro, etc. are all products of French Schneider Electric (Schneider Electric). Schneider Electric Unity Pro is a set of development software for testing, debugging and managing applications; SoMachine is a set of original equipment manufacturer (OEM) automation platform integrated with Vijeo-Designer (human machine interface HMI development software); SoMove is a Installation software for motor control equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9200"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "BID",
"id": "72335"
},
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-77145"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9200",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-15-027-02",
"trust": 3.1
},
{
"db": "BID",
"id": "72335",
"trust": 2.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2015-009-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00775",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2478",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-15-040",
"trust": 0.7
},
{
"db": "IVD",
"id": "A52677D8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77145",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "VULHUB",
"id": "VHN-77145"
},
{
"db": "BID",
"id": "72335"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
}
]
},
"id": "VAR-201502-0244",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "VULHUB",
"id": "VHN-77145"
}
],
"trust": 1.84333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
}
]
},
"last_update_date": "2025-09-07T23:20:15.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2015-009-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02"
},
{
"title": "Patch for multiple Schneider Electric product stack buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54843"
},
{
"title": "FDT1 DLL Removal Patch",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53580"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77145"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-027-02"
},
{
"trust": 2.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-009-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/72335"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-027-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9200"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9200"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "VULHUB",
"id": "VHN-77145"
},
{
"db": "BID",
"id": "72335"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "VULHUB",
"id": "VHN-77145"
},
{
"db": "BID",
"id": "72335"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-02T00:00:00",
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-10T00:00:00",
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"date": "2015-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"date": "2015-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-77145"
},
{
"date": "2015-01-09T00:00:00",
"db": "BID",
"id": "72335"
},
{
"date": "2015-02-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-005"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"date": "2015-02-01T15:59:06.197000",
"db": "NVD",
"id": "CVE-2014-9200"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"date": "2015-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"date": "2016-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-77145"
},
{
"date": "2015-07-15T00:14:00",
"db": "BID",
"id": "72335"
},
{
"date": "2015-02-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-005"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"date": "2025-09-05T22:15:33.803000",
"db": "NVD",
"id": "CVE-2014-9200"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Product DTM Unspecified development kit DLL File stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
],
"trust": 0.8
}
}
VAR-201501-0403
Vulnerability from variot - Updated: 2025-09-07 23:19The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. Schneider Electric ETG3000 FactoryCast HMI Gateway is a new intelligent web gateway. This BID is being retired as a duplicate of BID 72258. This may aid in further attacks. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0403",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxetg3022",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3021",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3010",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3000",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric etg3000 factorycast hmi gateway",
"scope": null,
"trust": 1.2,
"vendor": "schneider",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway",
"scope": "eq",
"trust": 1.2,
"vendor": "schneider electric",
"version": "1.60.4"
},
{
"model": "etg3000 factorycast hmi gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.60.4"
},
{
"model": "etg3000 factorycast hmi gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "1.60 ir 04"
},
{
"model": "tsxetg3000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3010",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3021",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3022",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway tsxetg3022",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway tsxetg3021",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway tsxetg3010",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway tsxetg3000",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway ir",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.6004"
},
{
"model": "factorycast hmi gateway",
"scope": "eq",
"trust": 0.2,
"vendor": "etg3000",
"version": "3.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxetg3021",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxetg3000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "etg3000 factorycast hmi gateway",
"version": "1.60.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxetg3022",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxetg3010",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a629a808-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"db": "CNVD",
"id": "CNVD-2015-00647"
},
{
"db": "BID",
"id": "77765"
},
{
"db": "BID",
"id": "72258"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-634"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007804"
},
{
"db": "NVD",
"id": "CVE-2014-9198"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:etg3000_factorycast_hmi_gateway_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:tsxetg3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:tsxetg3010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:tsxetg3021",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:tsxetg3022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007804"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown,Narendra Shinde of Qualys Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-613"
}
],
"trust": 0.6
},
"cve": "CVE-2014-9198",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9198",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 2.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00498",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00647",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a629a808-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-77143",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-9198",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9198",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9198",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-00498",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-00647",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-613",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-634",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a629a808-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-77143",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a629a808-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"db": "CNVD",
"id": "CNVD-2015-00647"
},
{
"db": "VULHUB",
"id": "VHN-77143"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-613"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-634"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007804"
},
{
"db": "NVD",
"id": "CVE-2014-9198"
},
{
"db": "NVD",
"id": "CVE-2014-9198"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. Schneider Electric ETG3000 FactoryCast HMI Gateway is a new intelligent web gateway. This BID is being retired as a duplicate of BID 72258. This may aid in further attacks. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9198"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007804"
},
{
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"db": "CNVD",
"id": "CNVD-2015-00647"
},
{
"db": "BID",
"id": "77765"
},
{
"db": "BID",
"id": "72258"
},
{
"db": "IVD",
"id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a629a808-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-77143"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9198",
"trust": 4.7
},
{
"db": "ICS CERT",
"id": "ICSA-15-020-02",
"trust": 4.3
},
{
"db": "BID",
"id": "72258",
"trust": 2.6
},
{
"db": "BID",
"id": "77765",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201501-613",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2015-00647",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-00498",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007804",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-634",
"trust": 0.7
},
{
"db": "IVD",
"id": "1D9BBECC-1E97-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "A629A808-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77143",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a629a808-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"db": "CNVD",
"id": "CNVD-2015-00647"
},
{
"db": "VULHUB",
"id": "VHN-77143"
},
{
"db": "BID",
"id": "77765"
},
{
"db": "BID",
"id": "72258"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-613"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-634"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007804"
},
{
"db": "NVD",
"id": "CVE-2014-9198"
}
]
},
"id": "VAR-201501-0403",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a629a808-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"db": "CNVD",
"id": "CNVD-2015-00647"
},
{
"db": "VULHUB",
"id": "VHN-77143"
}
],
"trust": 2.5181818
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 1.2
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a629a808-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"db": "CNVD",
"id": "CNVD-2015-00647"
}
]
},
"last_update_date": "2025-09-07T23:19:23.715000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TSX ETG 30xx V1.60 IR04",
"trust": 0.8,
"url": "http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe=true\u0026amp;reference=ETG30xxV160-IR04"
},
{
"title": "Schneider Electric ETG3000 FactoryCast HMI Gateway FTP built-in password vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54452"
},
{
"title": "Schneider Electric ETG3000 FactoryCast HMI Gateway verifies patches for bypassing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54278"
},
{
"title": "ETG30xx_V1.60.4_UpgradeFw",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"db": "CNVD",
"id": "CNVD-2015-00647"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-634"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007804"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-798",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77143"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007804"
},
{
"db": "NVD",
"id": "CVE-2014-9198"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-020-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/72258"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/77765"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9198"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9198"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"db": "CNVD",
"id": "CNVD-2015-00647"
},
{
"db": "VULHUB",
"id": "VHN-77143"
},
{
"db": "BID",
"id": "77765"
},
{
"db": "BID",
"id": "72258"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-613"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-634"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007804"
},
{
"db": "NVD",
"id": "CVE-2014-9198"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a629a808-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"db": "CNVD",
"id": "CNVD-2015-00647"
},
{
"db": "VULHUB",
"id": "VHN-77143"
},
{
"db": "BID",
"id": "77765"
},
{
"db": "BID",
"id": "72258"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-613"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-634"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007804"
},
{
"db": "NVD",
"id": "CVE-2014-9198"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-27T00:00:00",
"db": "IVD",
"id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-23T00:00:00",
"db": "IVD",
"id": "a629a808-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"date": "2015-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00647"
},
{
"date": "2015-01-27T00:00:00",
"db": "VULHUB",
"id": "VHN-77143"
},
{
"date": "2015-01-27T00:00:00",
"db": "BID",
"id": "77765"
},
{
"date": "2015-01-21T00:00:00",
"db": "BID",
"id": "72258"
},
{
"date": "2015-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-613"
},
{
"date": "2015-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-634"
},
{
"date": "2015-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007804"
},
{
"date": "2015-01-27T19:59:10.810000",
"db": "NVD",
"id": "CVE-2014-9198"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00498"
},
{
"date": "2015-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00647"
},
{
"date": "2019-04-15T00:00:00",
"db": "VULHUB",
"id": "VHN-77143"
},
{
"date": "2019-04-12T18:00:00",
"db": "BID",
"id": "77765"
},
{
"date": "2019-04-12T19:00:00",
"db": "BID",
"id": "72258"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-613"
},
{
"date": "2021-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-634"
},
{
"date": "2015-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007804"
},
{
"date": "2025-09-05T22:15:33.430000",
"db": "NVD",
"id": "CVE-2014-9198"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "77765"
},
{
"db": "BID",
"id": "72258"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ETG3000 FactoryCast HMI Gateway FTP Built-in password vulnerability",
"sources": [
{
"db": "IVD",
"id": "a629a808-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00498"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-613"
}
],
"trust": 0.6
}
}
VAR-201501-0402
Vulnerability from variot - Updated: 2025-09-07 23:19The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Schneider Electric ETG3000 FactoryCast HMI Gateway is a web-based SCADA system. The vulnerability is caused by the program not enforcing adequate access controls when storing the rde.jar file in the web root directory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0402",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "etg3000 factorycast hmi gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "1.60.2"
},
{
"model": "tsxetg3022",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3021",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3010",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "1.60 ir 04"
},
{
"model": "tsxetg3000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3010",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3021",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetg3022",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric etg3000 factorycast hmi gateway",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway tsxetg3022",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway tsxetg3021",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway tsxetg3010",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "etg3000 factorycast hmi gateway tsxetg3000",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "etg3000 factorycast hmi gateway",
"version": "1.60.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxetg3000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxetg3010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxetg3021",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxetg3022",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00648"
},
{
"db": "BID",
"id": "72254"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007803"
},
{
"db": "NVD",
"id": "CVE-2014-9197"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:etg3000_factorycast_hmi_gateway_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:tsxetg3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:tsxetg3010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:tsxetg3021",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:tsxetg3022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007803"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Narendra Shinde of Qualys Security",
"sources": [
{
"db": "BID",
"id": "72254"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-616"
}
],
"trust": 0.9
},
"cve": "CVE-2014-9197",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9197",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9197",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00648",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-77142",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-9197",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9197",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9197",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-00648",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-616",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-77142",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00648"
},
{
"db": "VULHUB",
"id": "VHN-77142"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007803"
},
{
"db": "NVD",
"id": "CVE-2014-9197"
},
{
"db": "NVD",
"id": "CVE-2014-9197"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Schneider Electric ETG3000 FactoryCast HMI Gateway is a web-based SCADA system. The vulnerability is caused by the program not enforcing adequate access controls when storing the rde.jar file in the web root directory",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9197"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007803"
},
{
"db": "CNVD",
"id": "CNVD-2015-00648"
},
{
"db": "BID",
"id": "72254"
},
{
"db": "IVD",
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-77142"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9197",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-020-02",
"trust": 2.8
},
{
"db": "BID",
"id": "72254",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201501-616",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00648",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007803",
"trust": 0.8
},
{
"db": "IVD",
"id": "A627B6E2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77142",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00648"
},
{
"db": "VULHUB",
"id": "VHN-77142"
},
{
"db": "BID",
"id": "72254"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007803"
},
{
"db": "NVD",
"id": "CVE-2014-9197"
}
]
},
"id": "VAR-201501-0402",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00648"
},
{
"db": "VULHUB",
"id": "VHN-77142"
}
],
"trust": 1.7181818
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00648"
}
]
},
"last_update_date": "2025-09-07T23:19:23.671000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TSX ETG 30xx V1.60 IR04",
"trust": 0.8,
"url": "http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe=true\u0026amp;reference=ETG30xxV160-IR04"
},
{
"title": "Schneider Electric ETG3000 FactoryCast HMI Gateway Unauthorized Access Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54277"
},
{
"title": "ETG30xx_V1.60.4_UpgradeFw",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00648"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007803"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77142"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007803"
},
{
"db": "NVD",
"id": "CVE-2014-9197"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-020-02"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/72254"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9197"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9197"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00648"
},
{
"db": "VULHUB",
"id": "VHN-77142"
},
{
"db": "BID",
"id": "72254"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007803"
},
{
"db": "NVD",
"id": "CVE-2014-9197"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00648"
},
{
"db": "VULHUB",
"id": "VHN-77142"
},
{
"db": "BID",
"id": "72254"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007803"
},
{
"db": "NVD",
"id": "CVE-2014-9197"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-27T00:00:00",
"db": "IVD",
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00648"
},
{
"date": "2015-01-27T00:00:00",
"db": "VULHUB",
"id": "VHN-77142"
},
{
"date": "2015-01-20T00:00:00",
"db": "BID",
"id": "72254"
},
{
"date": "2015-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-616"
},
{
"date": "2015-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007803"
},
{
"date": "2015-01-27T19:59:00.040000",
"db": "NVD",
"id": "CVE-2014-9197"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00648"
},
{
"date": "2015-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-77142"
},
{
"date": "2015-01-20T00:00:00",
"db": "BID",
"id": "72254"
},
{
"date": "2015-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-616"
},
{
"date": "2015-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007803"
},
{
"date": "2025-09-05T22:15:33.210000",
"db": "NVD",
"id": "CVE-2014-9197"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-616"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ETG3000 FactoryCast HMI Gateway Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00648"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-616"
}
],
"trust": 0.6
}
}
VAR-201410-1134
Vulnerability from variot - Updated: 2025-08-26 23:21Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential. Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by French Schneider Electric (Schneider Electric). The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-1134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxp574823m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety5103c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety110ws",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96020c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574823mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "stbnic2212",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc98030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetz410",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96030c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety110wsc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmxnoc0402",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetz510",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "stbnip2212",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc98020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxwmy100c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetc0101",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxntp100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxwmy100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574823am",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573623mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetc100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety4103c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "140cpu65x exec 5.5"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "140noc78x exec 1.62"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "140noe77x exec 6.2"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoc0401 2.05"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoe0100 2.9"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoe0110x exec 6.0"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxetc101 exec 2.04"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxety4103x exec 5.7"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxety5103x exec 5.9"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxp57x ethernet copro exec 5.5"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxp57x etyport exec 5.7"
},
{
"model": "electric modicon plc ethernet module",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "bmxp3420302h"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "bmxp342030h"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "tsxp573634m"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "140cpu65160"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "tsxp572623mc"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "tsxp572623m"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "140cpu65150"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "171ccc96020"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "140cpu65260"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "171ccc96020c"
},
{
"model": "tsxwmy100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxwmy10",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp576634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp575634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574823m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574823a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574823",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573623m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573623a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573623",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572823m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572823",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572623mc",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572623m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxntp100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetz510",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetz410",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety5103c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety4103c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety110wsc",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety110ws",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetc100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetc0101",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxprmxxxx",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342030h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp3420302h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342030",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342020h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342020",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoc0402",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmx noe",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "01100"
},
{
"model": "171ccc98030",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc98020",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96030c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96030",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96020c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96020",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "170ent11002",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "170ent11001",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140nwm10000",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77111c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77111",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77110",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77101c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77101",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noc78100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noc78000",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noc77100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140cpu65150",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140cpu65160",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140cpu65260",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noc77100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noc78000",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77101",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77101c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77110",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77111",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77111c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140nwm10000",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "170ent11001",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "170ent11002",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "170ent11002c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96020",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96020c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96030",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96030c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc98020",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc98030",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoc0402",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342020h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342030",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342030h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp3420302h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxprmxxxx",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "stbnic2212",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "stbnip2212",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetc100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetc0101",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety110ws",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety110wsc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety4103",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety4103c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety5103",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety5103c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetz410",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetz510",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxntp100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp571634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572623m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572623mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572823m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572823mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573623am",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573623m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573623mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574823am",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574823m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574823mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp575634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp576634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxwmy100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxwmy100c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_plc_ethernet_module",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios",
"sources": [
{
"db": "BID",
"id": "70193"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0754",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 2.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06695",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-68247",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-0754",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0754",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0754",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-06695",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-075",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-68247",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential. \nExploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by French Schneider Electric (Schneider Electric). The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0754"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68247"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0754",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-273-01",
"trust": 3.4
},
{
"db": "BID",
"id": "70193",
"trust": 2.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2014-260-01",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06695",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531",
"trust": 0.8
},
{
"db": "IVD",
"id": "CCE5FE38-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68247",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"id": "VAR-201410-1134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
}
],
"trust": 1.691666675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
}
]
},
"last_update_date": "2025-08-26T23:21:37.378000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Modicon PLC Ethernet Communication Modules",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
},
{
"title": "Patches for multiple Schneider Electric product catalog traversal vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/50841"
},
{
"title": "BMXNOE0100+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54170"
},
{
"title": "BMXNOE0110+Web+and+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54171"
},
{
"title": "140NOE77101+Exec+For+Unity+Users",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54184"
},
{
"title": "140NOE77101+Exec+For+Non+Unity+Users",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54183"
},
{
"title": "140NOE77111+Exec+For+Unity+and+Non+Unity+Users",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54185"
},
{
"title": "140CPU65260+Quantum+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54180"
},
{
"title": "140CPU65160+Quantum+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54179"
},
{
"title": "140CPU65150+Quantum+CoPro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54178"
},
{
"title": "140NOC78000+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54181"
},
{
"title": "TSXP575634M+Premium+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54176"
},
{
"title": "TSXP574634M+Premium+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54175"
},
{
"title": "TSXP576634M+Premium+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54177"
},
{
"title": "TSXETC101+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54172"
},
{
"title": "140NOC78100+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54182"
},
{
"title": "TSXP573634M+ETY+Port+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54188"
},
{
"title": "TSXP572634M+ETY+Port+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54187"
},
{
"title": "TSXETY5103+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54174"
},
{
"title": "TSXP571634M+ETY+Port+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54186"
},
{
"title": "TSXETY4103+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54173"
},
{
"title": "BMXNOC0401+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54169"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-273-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/70193"
},
{
"trust": 1.6,
"url": "http://download.schneider-electric.com/files?p_reference=sevd-2014-260-01\u0026p_endoctype=software%20-%20updates\u0026p_file_id=608959359\u0026p_file_name=sevd-2014-260-01.pdf"
},
{
"trust": 1.3,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2014-260-01"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0754"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0754"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "http://download.schneider-electric.com/files?p_reference=sevd-2014-260-01\u0026amp;p_endoctype=software%20-%20updates\u0026amp;p_file_id=608959359\u0026amp;p_file_name=sevd-2014-260-01.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-14T00:00:00",
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"date": "2014-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-68247"
},
{
"date": "2014-09-30T00:00:00",
"db": "BID",
"id": "70193"
},
{
"date": "2014-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"date": "2014-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"date": "2014-10-03T18:55:06.017000",
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"date": "2016-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-68247"
},
{
"date": "2014-09-30T00:00:00",
"db": "BID",
"id": "70193"
},
{
"date": "2014-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"date": "2025-08-26T00:15:30.757000",
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon PLC Ethernet Module SchneiderWEB Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
}
],
"trust": 0.8
}
}
VAR-201501-0398
Vulnerability from variot - Updated: 2025-07-26 23:17Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Attackers can exploit this issue to execute arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions. Wonderware InTouch Access Anywhere Server 10.6 and 11.0 are vulnerable; other versions may also be affected. Schneider Electric Wonderware InTouch is an open, scalable HMI and SCADA monitoring solution from Schneider Electric, France, that creates standardized, reusable visualization applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wonderware intouch access anywhere server",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "10.6"
},
{
"model": "wonderware intouch access anywhere server",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "11.0"
},
{
"model": "electric wonderware intouch access anywhere server",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "10.6"
},
{
"model": "electric wonderware intouch access anywhere server",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "11.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wonderware intouch access anywhere server",
"version": "10.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wonderware intouch access anywhere server",
"version": "11.0"
}
],
"sources": [
{
"db": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00342"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007575"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-201"
},
{
"db": "NVD",
"id": "CVE-2014-9190"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:wonderware_intouch_access_anywhere_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007575"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "71951"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9190",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 2.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00342",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-77135",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-9190",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9190",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9190",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-00342",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-201",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-77135",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00342"
},
{
"db": "VULHUB",
"id": "VHN-77135"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007575"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-201"
},
{
"db": "NVD",
"id": "CVE-2014-9190"
},
{
"db": "NVD",
"id": "CVE-2014-9190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions. \nWonderware InTouch Access Anywhere Server 10.6 and 11.0 are vulnerable; other versions may also be affected. Schneider Electric Wonderware InTouch is an open, scalable HMI and SCADA monitoring solution from Schneider Electric, France, that creates standardized, reusable visualization applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9190"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007575"
},
{
"db": "CNVD",
"id": "CNVD-2015-00342"
},
{
"db": "BID",
"id": "71951"
},
{
"db": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-77135"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9190",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-008-02",
"trust": 3.1
},
{
"db": "BID",
"id": "71951",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201501-201",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00342",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007575",
"trust": 0.8
},
{
"db": "IVD",
"id": "AAD6DBA0-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77135",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00342"
},
{
"db": "VULHUB",
"id": "VHN-77135"
},
{
"db": "BID",
"id": "71951"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007575"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-201"
},
{
"db": "NVD",
"id": "CVE-2014-9190"
}
]
},
"id": "VAR-201501-0398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00342"
},
{
"db": "VULHUB",
"id": "VHN-77135"
}
],
"trust": 1.775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00342"
}
]
},
"last_update_date": "2025-07-26T23:17:49.365000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Web HMI and Mobile SCADA: Wonderware InTouch Access Anywhere",
"trust": 0.8,
"url": "http://software.invensys.com/products/wonderware/hmi-and-supervisory-control/intouch-access-anywhere/"
},
{
"title": "Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/53978"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00342"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007575"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77135"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007575"
},
{
"db": "NVD",
"id": "CVE-2014-9190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-008-02"
},
{
"trust": 1.7,
"url": "https://wdnresource.wonderware.com/support/docs/_securitybulletins/security_bulletin_lfsec00000104.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9190"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-008-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9190"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71951/"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00342"
},
{
"db": "VULHUB",
"id": "VHN-77135"
},
{
"db": "BID",
"id": "71951"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007575"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-201"
},
{
"db": "NVD",
"id": "CVE-2014-9190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00342"
},
{
"db": "VULHUB",
"id": "VHN-77135"
},
{
"db": "BID",
"id": "71951"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007575"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-201"
},
{
"db": "NVD",
"id": "CVE-2014-9190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-15T00:00:00",
"db": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00342"
},
{
"date": "2015-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-77135"
},
{
"date": "2015-01-08T00:00:00",
"db": "BID",
"id": "71951"
},
{
"date": "2015-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007575"
},
{
"date": "2015-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-201"
},
{
"date": "2015-01-10T02:59:33.693000",
"db": "NVD",
"id": "CVE-2014-9190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00342"
},
{
"date": "2015-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-77135"
},
{
"date": "2015-03-19T08:13:00",
"db": "BID",
"id": "71951"
},
{
"date": "2015-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007575"
},
{
"date": "2015-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-201"
},
{
"date": "2025-07-24T23:15:25.860000",
"db": "NVD",
"id": "CVE-2014-9190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-201"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-201"
}
],
"trust": 0.8
}
}
VAR-201412-0411
Vulnerability from variot - Updated: 2025-07-26 23:05Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8513 and CVE-2014-8514 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control's ArrangeObjects method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "proclima",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"_id": null,
"model": "proclima",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "6.1.7"
},
{
"_id": null,
"model": "proclima",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"_id": null,
"model": "electric proclima",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "6.0.1"
},
{
"_id": null,
"model": "proclima",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "proclima",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:proclima",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
}
]
},
"credits": {
"_id": null,
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-005"
}
],
"trust": 0.7
},
"cve": "CVE-2014-9188",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9188",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9188",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9188",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-09022",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-77133",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-9188",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9188",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9188",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2014-9188",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-09022",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-573",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-77133",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-9188",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "VULMON",
"id": "CVE-2014-9188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
}
]
},
"description": {
"_id": null,
"data": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8513 and CVE-2014-8514 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control\u0027s ArrangeObjects method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "BID",
"id": "71713"
},
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "VULMON",
"id": "CVE-2014-9188"
}
],
"trust": 3.42
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-9188",
"trust": 4.4
},
{
"db": "ICS CERT",
"id": "ICSA-14-350-01",
"trust": 2.6
},
{
"db": "BID",
"id": "71713",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-09022",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2524",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-15-005",
"trust": 0.7
},
{
"db": "IVD",
"id": "AE18D5CA-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77133",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-9188",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "VULMON",
"id": "CVE-2014-9188"
},
{
"db": "BID",
"id": "71713"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
}
]
},
"id": "VAR-201412-0411",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "VULHUB",
"id": "VHN-77133"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
}
]
},
"last_update_date": "2025-07-26T23:05:10.289000Z",
"patch": {
"_id": null,
"data": [
{
"title": "ProClima Software Vulnerability Disclosure",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
},
{
"title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09022)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/52961"
},
{
"title": "ProClima_v6.1.8_setup",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53033"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"trust": 1.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-350-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9188"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9188"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/71713"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36781"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "VULMON",
"id": "CVE-2014-9188"
},
{
"db": "BID",
"id": "71713"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-005",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-09022",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-77133",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2014-9188",
"ident": null
},
{
"db": "BID",
"id": "71713",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-9188",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-005",
"ident": null
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09022",
"ident": null
},
{
"date": "2014-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-77133",
"ident": null
},
{
"date": "2014-12-27T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9188",
"ident": null
},
{
"date": "2014-12-10T00:00:00",
"db": "BID",
"id": "71713",
"ident": null
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007424",
"ident": null
},
{
"date": "2014-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-573",
"ident": null
},
{
"date": "2014-12-27T15:59:04.887000",
"db": "NVD",
"id": "CVE-2014-9188",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-005",
"ident": null
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09022",
"ident": null
},
{
"date": "2014-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-77133",
"ident": null
},
{
"date": "2014-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9188",
"ident": null
},
{
"date": "2015-01-12T00:02:00",
"db": "BID",
"id": "71713",
"ident": null
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007424",
"ident": null
},
{
"date": "2015-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-573",
"ident": null
},
{
"date": "2025-07-24T23:15:24.770000",
"db": "NVD",
"id": "CVE-2014-9188",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Schneider Electric ProClima of MDraw30.ocx of ActiveX Control buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
],
"trust": 0.8
}
}
VAR-202506-0484
Vulnerability from variot - Updated: 2025-07-10 22:55CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. Attackers can exploit this vulnerability to cause arbitrary file reading
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0484",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric evlink wallbox",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15345"
}
]
},
"cve": "CVE-2025-5741",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2025-15345",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2025-5741",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-5741",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-15345",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15345"
},
{
"db": "NVD",
"id": "CVE-2025-5741"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists that\ncould cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an\nauthenticated session of the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. Attackers can exploit this vulnerability to cause arbitrary file reading",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-5741"
},
{
"db": "CNVD",
"id": "CNVD-2025-15345"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-5741",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-161-03",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2025-15345",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15345"
},
{
"db": "NVD",
"id": "CVE-2025-5741"
}
]
},
"id": "VAR-202506-0484",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15345"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15345"
}
]
},
"last_update_date": "2025-07-10T22:55:23.894000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric EVLink WallBox Path Traversal Vulnerability (CNVD-2025-15345)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706296"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-5741"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-03.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-5741"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15345"
},
{
"db": "NVD",
"id": "CVE-2025-5741"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15345"
},
{
"db": "NVD",
"id": "CVE-2025-5741"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15345"
},
{
"date": "2025-06-10T09:15:25.290000",
"db": "NVD",
"id": "CVE-2025-5741"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15345"
},
{
"date": "2025-06-12T16:06:39.330000",
"db": "NVD",
"id": "CVE-2025-5741"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric EVLink WallBox Path Traversal Vulnerability (CNVD-2025-15345)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15345"
}
],
"trust": 0.6
}
}
VAR-202506-0482
Vulnerability from variot - Updated: 2025-07-10 22:55CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0482",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric evlink wallbox",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15346"
}
]
},
"cve": "CVE-2025-5742",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-15346",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2025-5742",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-5742",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-15346",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15346"
},
{
"db": "NVD",
"id": "CVE-2025-5742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u2018Cross-site Scripting\u2019)\nvulnerability exists when an authenticated user modifies configuration parameters on the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-5742"
},
{
"db": "CNVD",
"id": "CNVD-2025-15346"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-5742",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-161-03",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2025-15346",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15346"
},
{
"db": "NVD",
"id": "CVE-2025-5742"
}
]
},
"id": "VAR-202506-0482",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15346"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15346"
}
]
},
"last_update_date": "2025-07-10T22:55:23.863000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric EVLink WallBox Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706301"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15346"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-5742"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-03.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-5742"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15346"
},
{
"db": "NVD",
"id": "CVE-2025-5742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15346"
},
{
"db": "NVD",
"id": "CVE-2025-5742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15346"
},
{
"date": "2025-06-10T09:15:25.493000",
"db": "NVD",
"id": "CVE-2025-5742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15346"
},
{
"date": "2025-06-12T16:06:39.330000",
"db": "NVD",
"id": "CVE-2025-5742"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric EVLink WallBox Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15346"
}
],
"trust": 0.6
}
}
VAR-202506-0444
Vulnerability from variot - Updated: 2025-07-10 22:48CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0444",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric modicon controllersm241/m251",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "5.3.12.51"
},
{
"model": "electric modicon controllers m258 /lmc058",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15353"
}
]
},
"cve": "CVE-2025-3905",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-15353",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2025-3905",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-3905",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-15353",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15353"
},
{
"db": "NVD",
"id": "CVE-2025-3905"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability\nexists impacting PLC system variables that could cause an unvalidated data injected by authenticated\nmalicious user leading to modify or read data in a victim\u2019s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3905"
},
{
"db": "CNVD",
"id": "CNVD-2025-15353"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-3905",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-161-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-15353",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15353"
},
{
"db": "NVD",
"id": "CVE-2025-3905"
}
]
},
"id": "VAR-202506-0444",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15353"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15353"
}
]
},
"last_update_date": "2025-07-10T22:48:27.877000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability (CNVD-2025-15353)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706346"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15353"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3905"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15353"
},
{
"db": "NVD",
"id": "CVE-2025-3905"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15353"
},
{
"db": "NVD",
"id": "CVE-2025-3905"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15353"
},
{
"date": "2025-06-10T09:15:24.543000",
"db": "NVD",
"id": "CVE-2025-3905"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15353"
},
{
"date": "2025-06-12T16:06:39.330000",
"db": "NVD",
"id": "CVE-2025-3905"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability (CNVD-2025-15353)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15353"
}
],
"trust": 0.6
}
}
VAR-202506-0441
Vulnerability from variot - Updated: 2025-07-10 22:48CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0441",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric modicon controllersm241/m251",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "5.3.12.51"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15350"
}
]
},
"cve": "CVE-2025-3899",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-15350",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2025-3899",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-3899",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-15350",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15350"
},
{
"db": "NVD",
"id": "CVE-2025-3899"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability\nexists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated\nmalicious user leading to modify or read data in a victim\u2019s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3899"
},
{
"db": "CNVD",
"id": "CNVD-2025-15350"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-3899",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-161-02",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2025-15350",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15350"
},
{
"db": "NVD",
"id": "CVE-2025-3899"
}
]
},
"id": "VAR-202506-0441",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15350"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15350"
}
]
},
"last_update_date": "2025-07-10T22:48:27.862000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706331"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15350"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3899"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-3899"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15350"
},
{
"db": "NVD",
"id": "CVE-2025-3899"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15350"
},
{
"db": "NVD",
"id": "CVE-2025-3899"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15350"
},
{
"date": "2025-06-10T09:15:24.333000",
"db": "NVD",
"id": "CVE-2025-3899"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15350"
},
{
"date": "2025-06-12T16:06:39.330000",
"db": "NVD",
"id": "CVE-2025-3899"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15350"
}
],
"trust": 0.6
}
}
VAR-202506-0445
Vulnerability from variot - Updated: 2025-07-10 22:48CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France.
Schneider Electric Modicon Controllers has an input validation error vulnerability. The vulnerability is caused by improper input validation. Attackers can exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0445",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric modicon controllersm241/m251",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "5.3.12.51"
},
{
"model": "electric modicon controllers m262",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "5.3.9.18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15352"
}
]
},
"cve": "CVE-2025-3898",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-15352",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2025-3898",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-3898",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-15352",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15352"
},
{
"db": "NVD",
"id": "CVE-2025-3898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an\nauthenticated malicious user sends HTTPS request containing invalid data type to the webserver. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France. \n\nSchneider Electric Modicon Controllers has an input validation error vulnerability. The vulnerability is caused by improper input validation. Attackers can exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3898"
},
{
"db": "CNVD",
"id": "CNVD-2025-15352"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SCHNEIDER",
"id": "SEVD-2025-161-02",
"trust": 1.6
},
{
"db": "NVD",
"id": "CVE-2025-3898",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-15352",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15352"
},
{
"db": "NVD",
"id": "CVE-2025-3898"
}
]
},
"id": "VAR-202506-0445",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15352"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15352"
}
]
},
"last_update_date": "2025-07-10T22:48:27.845000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Modicon Controllers Input Validation Error Vulnerability (CNVD-2025-15352)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15352"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3898"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15352"
},
{
"db": "NVD",
"id": "CVE-2025-3898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15352"
},
{
"db": "NVD",
"id": "CVE-2025-3898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15352"
},
{
"date": "2025-06-10T09:15:24.137000",
"db": "NVD",
"id": "CVE-2025-3898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15352"
},
{
"date": "2025-06-12T16:06:39.330000",
"db": "NVD",
"id": "CVE-2025-3898"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon Controllers Input Validation Error Vulnerability (CNVD-2025-15352)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15352"
}
],
"trust": 0.6
}
}
VAR-202506-0443
Vulnerability from variot - Updated: 2025-07-10 22:48CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0443",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric modicon controllersm241/m251",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "5.3.12.51"
},
{
"model": "electric modicon controllers m258 /lmc058",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon controllers m262",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "5.3.9.18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15351"
}
]
},
"cve": "CVE-2025-3117",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-15351",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2025-3117",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-3117",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-15351",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15351"
},
{
"db": "NVD",
"id": "CVE-2025-3117"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability\nexists impacting configuration file paths that could cause an unvalidated data injected by authenticated\nmalicious user leading to modify or read data in a victim\u2019s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3117"
},
{
"db": "CNVD",
"id": "CNVD-2025-15351"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-3117",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-161-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-15351",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15351"
},
{
"db": "NVD",
"id": "CVE-2025-3117"
}
]
},
"id": "VAR-202506-0443",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15351"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15351"
}
]
},
"last_update_date": "2025-07-10T22:48:27.830000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability (CNVD-2025-15351)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706336"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15351"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3117"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15351"
},
{
"db": "NVD",
"id": "CVE-2025-3117"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15351"
},
{
"db": "NVD",
"id": "CVE-2025-3117"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15351"
},
{
"date": "2025-06-10T09:15:23.873000",
"db": "NVD",
"id": "CVE-2025-3117"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15351"
},
{
"date": "2025-06-12T16:06:39.330000",
"db": "NVD",
"id": "CVE-2025-3117"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability (CNVD-2025-15351)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15351"
}
],
"trust": 0.6
}
}
VAR-202506-0440
Vulnerability from variot - Updated: 2025-07-10 22:48CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France.
Schneider Electric Modicon Controllers has an input validation error vulnerability. The vulnerability is caused by improper input validation. Attackers can exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0440",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric modicon controllersm241/m251",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "5.3.12.51"
},
{
"model": "electric modicon controllers m258 /lmc058",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15349"
}
]
},
"cve": "CVE-2025-3116",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-15349",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2025-3116",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-3116",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-15349",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15349"
},
{
"db": "NVD",
"id": "CVE-2025-3116"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an\nauthenticated malicious user sends special malformed HTTPS request containing improper formatted body\ndata to the controller. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France. \n\nSchneider Electric Modicon Controllers has an input validation error vulnerability. The vulnerability is caused by improper input validation. Attackers can exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3116"
},
{
"db": "CNVD",
"id": "CNVD-2025-15349"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SCHNEIDER",
"id": "SEVD-2025-161-02",
"trust": 1.6
},
{
"db": "NVD",
"id": "CVE-2025-3116",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-15349",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15349"
},
{
"db": "NVD",
"id": "CVE-2025-3116"
}
]
},
"id": "VAR-202506-0440",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15349"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15349"
}
]
},
"last_update_date": "2025-07-10T22:48:27.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Modicon Controllers Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15349"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3116"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15349"
},
{
"db": "NVD",
"id": "CVE-2025-3116"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15349"
},
{
"db": "NVD",
"id": "CVE-2025-3116"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15349"
},
{
"date": "2025-06-10T09:15:23.657000",
"db": "NVD",
"id": "CVE-2025-3116"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15349"
},
{
"date": "2025-06-12T16:06:39.330000",
"db": "NVD",
"id": "CVE-2025-3116"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon Controllers Input Validation Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15349"
}
],
"trust": 0.6
}
}
VAR-202504-0860
Vulnerability from variot - Updated: 2025-07-10 22:47CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data. Schneider Electric Trio Q Licensed Data Radio is a radio produced by Schneider Electric of France.
Schneider Electric Trio Q Licensed Data Radio has an information leakage vulnerability. The vulnerability is caused by insecure resource initialization. Attackers can exploit this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202504-0860",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric trio q licensed data radio",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.7.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15354"
}
]
},
"cve": "CVE-2025-2441",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-15354",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "cybersecurity@se.com",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2025-2441",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-2441",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-15354",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15354"
},
{
"db": "NVD",
"id": "CVE-2025-2441"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of\nconfidentiality when a malicious user, having physical access, sets the radio in factory default mode where the\nproduct does not correctly initialize all data. Schneider Electric Trio Q Licensed Data Radio is a radio produced by Schneider Electric of France. \n\nSchneider Electric Trio Q Licensed Data Radio has an information leakage vulnerability. The vulnerability is caused by insecure resource initialization. Attackers can exploit this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-2441"
},
{
"db": "CNVD",
"id": "CNVD-2025-15354"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-2441",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-098-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-15354",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15354"
},
{
"db": "NVD",
"id": "CVE-2025-2441"
}
]
},
"id": "VAR-202504-0860",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15354"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15354"
}
]
},
"last_update_date": "2025-07-10T22:47:06.942000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Trio Q Licensed Data Radio Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/706351"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15354"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-2441"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-098-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-098-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15354"
},
{
"db": "NVD",
"id": "CVE-2025-2441"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15354"
},
{
"db": "NVD",
"id": "CVE-2025-2441"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15354"
},
{
"date": "2025-04-09T11:15:42.730000",
"db": "NVD",
"id": "CVE-2025-2441"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15354"
},
{
"date": "2025-04-09T20:02:41.860000",
"db": "NVD",
"id": "CVE-2025-2441"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Trio Q Licensed Data Radio Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15354"
}
],
"trust": 0.6
}
}
VAR-202506-0442
Vulnerability from variot - Updated: 2025-07-01 19:32CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver. Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric of France.
Schneider Electric Modicon Controllers have a resource management error vulnerability, which is caused by uncontrolled resource consumption. Attackers can exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0442",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric modicon controllers",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-14267"
}
]
},
"cve": "CVE-2025-3112",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-14267",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2025-3112",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-3112",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-14267",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-14267"
},
{
"db": "NVD",
"id": "CVE-2025-3112"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an\nauthenticated malicious user sends manipulated HTTPS Content-Length header to the webserver. Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric of France. \n\nSchneider Electric Modicon Controllers have a resource management error vulnerability, which is caused by uncontrolled resource consumption. Attackers can exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3112"
},
{
"db": "CNVD",
"id": "CNVD-2025-14267"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-3112",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-161-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-14267",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-14267"
},
{
"db": "NVD",
"id": "CVE-2025-3112"
}
]
},
"id": "VAR-202506-0442",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-14267"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-14267"
}
]
},
"last_update_date": "2025-07-01T19:32:54.288000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Modicon Controllers Resource Management Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/701576"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-14267"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3112"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-14267"
},
{
"db": "NVD",
"id": "CVE-2025-3112"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-14267"
},
{
"db": "NVD",
"id": "CVE-2025-3112"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-14267"
},
{
"date": "2025-06-10T09:15:23.437000",
"db": "NVD",
"id": "CVE-2025-3112"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-14267"
},
{
"date": "2025-06-12T16:06:39.330000",
"db": "NVD",
"id": "CVE-2025-3112"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon Controllers Resource Management Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-14267"
}
],
"trust": 0.6
}
}
VAR-202505-1714
Vulnerability from variot - Updated: 2025-06-15 23:45CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file (SSD file) provided by the attacker. Schneider Electric EcoStruxure Power Build Rapsody is a power monitoring platform of Schneider Electric of France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-1714",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric ecostruxure power build rapsody fr",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=v2.7.12"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12302"
}
]
},
"cve": "CVE-2025-3916",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-12302",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-3916",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-12302",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12302"
},
{
"db": "NVD",
"id": "CVE-2025-3916"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-121: Stack-based Buffer Overflow\u2009vulnerability exists\u2009that could cause\u2009local attackers being able to\nexploit these issues to potentially execute arbitrary code\u2009while the end user opens a malicious project file (SSD\nfile) provided by the attacker. Schneider Electric EcoStruxure Power Build Rapsody is a power monitoring platform of Schneider Electric of France",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3916"
},
{
"db": "CNVD",
"id": "CNVD-2025-12302"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-3916",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-133-03",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-12302",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12302"
},
{
"db": "NVD",
"id": "CVE-2025-3916"
}
]
},
"id": "VAR-202505-1714",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12302"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12302"
}
]
},
"last_update_date": "2025-06-15T23:45:49.851000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric EcoStruxure Power Build Rapsody Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/696111"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12302"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-3916"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-133-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-133-03.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12302"
},
{
"db": "NVD",
"id": "CVE-2025-3916"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12302"
},
{
"db": "NVD",
"id": "CVE-2025-3916"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12302"
},
{
"date": "2025-05-13T09:15:21.027000",
"db": "NVD",
"id": "CVE-2025-3916"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12302"
},
{
"date": "2025-05-13T19:35:18.080000",
"db": "NVD",
"id": "CVE-2025-3916"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric EcoStruxure Power Build Rapsody Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12302"
}
],
"trust": 0.6
}
}
VAR-202503-0471
Vulnerability from variot - Updated: 2025-06-15 23:44CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal boot process. Schneider Electric EcoStruxure Power Automation System User Interface is a user interface software for power automation systems developed by Schneider Electric of France. It is used for operators to interact with power automation systems to improve operational efficiency.
Schneider Electric EcoStruxure Power Automation System User Interface has an authorization vulnerability. The vulnerability is caused by improper authentication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202503-0471",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric schneider electric ecostruxure power automation system user interface",
"scope": "gte",
"trust": 0.6,
"vendor": "schneider",
"version": "v2.1,\u003c=v2.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12361"
}
]
},
"cve": "CVE-2025-0813",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-12361",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "cybersecurity@se.com",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2025-0813",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "cybersecurity@se.com",
"id": "CVE-2025-0813",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12361",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12361"
},
{
"db": "NVD",
"id": "CVE-2025-0813"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an\nunauthorized user without permission rights has physical access to the EPAS-UI computer and is able to\nreboot the workstation and interrupt the normal boot process. Schneider Electric EcoStruxure Power Automation System User Interface is a user interface software for power automation systems developed by Schneider Electric of France. It is used for operators to interact with power automation systems to improve operational efficiency. \n\nSchneider Electric EcoStruxure Power Automation System User Interface has an authorization vulnerability. The vulnerability is caused by improper authentication",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-0813"
},
{
"db": "CNVD",
"id": "CNVD-2025-12361"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-0813",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2025-070-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-12361",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12361"
},
{
"db": "NVD",
"id": "CVE-2025-0813"
}
]
},
"id": "VAR-202503-0471",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12361"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12361"
}
]
},
"last_update_date": "2025-06-15T23:44:08.784000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric EcoStruxure Power Automation System User Interface Authorization Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/696116"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12361"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-0813"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-070-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-070-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12361"
},
{
"db": "NVD",
"id": "CVE-2025-0813"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12361"
},
{
"db": "NVD",
"id": "CVE-2025-0813"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12361"
},
{
"date": "2025-03-12T16:15:20.183000",
"db": "NVD",
"id": "CVE-2025-0813"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12361"
},
{
"date": "2025-03-12T16:15:20.183000",
"db": "NVD",
"id": "CVE-2025-0813"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric EcoStruxure Power Automation System User Interface Authorization Issue Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12361"
}
],
"trust": 0.6
}
}
VAR-201905-1031
Vulnerability from variot - Updated: 2025-05-01 23:12A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. plural Modicon The product contains an exceptional state handling vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
Several Schneider Electric products have input validation error vulnerabilities. An attacker could use this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1031",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7849",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7849",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34827",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137881",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7849",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7849",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7849",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7849",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-34827",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-922",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137881",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7849",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. plural Modicon The product contains an exceptional state handling vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nSeveral Schneider Electric products have input validation error vulnerabilities. An attacker could use this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "VULMON",
"id": "CVE-2018-7849"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7849",
"trust": 4.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0737",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-34827",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92254859",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-114-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476",
"trust": 0.8
},
{
"db": "IVD",
"id": "B64FC880-1ACF-4FF9-B621-6D507DD1FEDF",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137881",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7849",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"id": "VAR-201905-1031",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "VULHUB",
"id": "VHN-137881"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
}
]
},
"last_update_date": "2025-05-01T23:12:49.674000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yanissec/CVE-2018-7849 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.1
},
{
"problemtype": "Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7849"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0737"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92254859/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0737"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/755.html"
},
{
"trust": 0.1,
"url": "https://github.com/yanissec/cve-2018-7849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137881"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"date": "2019-05-22T20:29:01.777000",
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137881"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"date": "2025-04-30T01:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"date": "2024-11-21T04:12:52.480000",
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Modicon\u00a0 Product Exceptional State Handling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
}
],
"trust": 0.8
}
}