Search

Find a vulnerability

Search criteria

    450 vulnerabilities by Schneider

    VAR-201409-0722

    Vulnerability from variot - Updated: 2025-11-19 23:15

    Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA WEB interface that allows an attacker to exploit a vulnerability to construct a malicious URI, to induce user resolution, and to perform system management operations. Scada Expert Clearscada is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0722",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": "eq",
            "trust": 2.0,
            "vendor": "clearscada",
            "version": "2013"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "2014"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "2013"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "aveva",
            "version": "2013"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "aveva",
            "version": "2010"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.8,
            "vendor": "clearscada",
            "version": "2010"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2010 r3 (build 72.4560)"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2010 r3.1 (build 72.4644)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1 (build 73.4729)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.1 (build 73.4832)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.1a (build 73.4903)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.2 (build 73.4955)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r2 (build 74.5094)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r2.1 (build 74.5192)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2014 r1 (build 75.5210)"
          },
          {
            "model": "electric clearscada r3 (build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "201072.4560)"
          },
          {
            "model": "electric clearscada r3.1 (build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "201072.4644)"
          },
          {
            "model": "electric scada expert clearscada r1 (build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "201373.4729)"
          },
          {
            "model": "electric scada expert clearscada r1.1 (build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "201373.4832)"
          },
          {
            "model": "electric scada expert clearscada r1.1a (build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "201373.4903)"
          },
          {
            "model": "electric scada expert clearscada r1.2 (build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "201373.4955)"
          },
          {
            "model": "electric scada expert clearscada r2 (build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "201374.5094)"
          },
          {
            "model": "electric scada expert clearscada r2.1 (build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "201374.5192)"
          },
          {
            "model": "electric scada expert clearscada r1 (build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "201475.5210)"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "2010"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "scada expert clearscada",
            "version": "2013"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "scada expert clearscada",
            "version": "2014"
          },
          {
            "model": "scada expert clearscada r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "2014"
          },
          {
            "model": "scada expert clearscada r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "2013"
          },
          {
            "model": "scada expert clearscada r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "2013"
          },
          {
            "model": "scada expert clearscada r1.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "2013"
          },
          {
            "model": "scada expert clearscada r1.1a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "2013"
          },
          {
            "model": "scada expert clearscada r1.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "2013"
          },
          {
            "model": "scada expert clearscada r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "2013"
          },
          {
            "model": "clearscada r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "2010"
          },
          {
            "model": "clearscada r3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "2010"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          },
          {
            "db": "BID",
            "id": "80073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-656"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5411"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "80073"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-5411",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2014-5411",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2014-5411",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2014-06196",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-73352",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-5411",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-5411",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-5411",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-06196",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201409-656",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "770608ec-1eb9-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-73352",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73352"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-656"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5411"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5411"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. A cross-site scripting vulnerability exists in the ClearSCADA WEB interface that allows an attacker to exploit a vulnerability to construct a malicious URI, to induce user resolution, and to perform system management operations. Scada Expert Clearscada is prone to a cross-site scripting vulnerability. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          },
          {
            "db": "BID",
            "id": "80073"
          },
          {
            "db": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73352"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-5411",
            "trust": 3.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-259-01",
            "trust": 3.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-656",
            "trust": 1.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-259-01A",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004282",
            "trust": 0.8
          },
          {
            "db": "OSVDB",
            "id": "111238",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "80073",
            "trust": 0.4
          },
          {
            "db": "IVD",
            "id": "770608EC-1EB9-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "DCDEEBB0-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-73352",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73352"
          },
          {
            "db": "BID",
            "id": "80073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-656"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5411"
          }
        ]
      },
      "id": "VAR-201409-0722",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73352"
          }
        ],
        "trust": 2.0027777833333333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          }
        ]
      },
      "last_update_date": "2025-11-19T23:15:03.200000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "StruxureWare SCADA Expert ClearSCADA",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
          },
          {
            "title": "Patch for Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/50244"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73352"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5411"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
          },
          {
            "trust": 1.4,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5411"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2014/icsa-14-259-01a.json"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5411"
          },
          {
            "trust": 0.6,
            "url": "http://osvdb.com/show/osvdb/111238"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73352"
          },
          {
            "db": "BID",
            "id": "80073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-656"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5411"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73352"
          },
          {
            "db": "BID",
            "id": "80073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-656"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5411"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-23T00:00:00",
            "db": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-09-23T00:00:00",
            "db": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-09-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          },
          {
            "date": "2014-09-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73352"
          },
          {
            "date": "2014-09-18T00:00:00",
            "db": "BID",
            "id": "80073"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-656"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          },
          {
            "date": "2014-09-18T10:55:11.640000",
            "db": "NVD",
            "id": "CVE-2014-5411"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          },
          {
            "date": "2018-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73352"
          },
          {
            "date": "2014-09-18T00:00:00",
            "db": "BID",
            "id": "80073"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-656"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004282"
          },
          {
            "date": "2025-11-04T23:15:33.223000",
            "db": "NVD",
            "id": "CVE-2014-5411"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-656"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric ClearSCADA Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "770608ec-1eb9-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcdeebb0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06196"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-656"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201409-0724

    Vulnerability from variot - Updated: 2025-11-19 23:15

    Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote unknown vulnerability that allows an attacker to exploit the vulnerability to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure. There is an encryption issue vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 to 2014 R1

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0724",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "2014"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "2013"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 1.0,
            "vendor": "clearscada",
            "version": "2013"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "aveva",
            "version": "2013"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "aveva",
            "version": "2010"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2010 r3 (build 72.4560)"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2010 r3.1 (build 72.4644)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1 (build 73.4729)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.1 (build 73.4832)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.1a (build 73.4903)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.2 (build 73.4955)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r2 (build 74.5094)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r2.1 (build 74.5192)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2014 r1 (build 75.5210)"
          },
          {
            "model": "electric clearscada r3-2014 r1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "2010"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "2010"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "clearscada",
            "version": "2010"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada expert clearscada",
            "version": "2013"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada expert clearscada",
            "version": "2014"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5413"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Aditya Sood",
        "sources": [
          {
            "db": "BID",
            "id": "69842"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-5413",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-5413",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-5413",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2014-5413",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-06121",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-73354",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-5413",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-5413",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-5413",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-06121",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201409-658",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "dcfe0734-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-73354",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73354"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5413"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5413"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote unknown vulnerability that allows an attacker to exploit the vulnerability to obtain sensitive information. Information obtained may lead to further attacks. Schneider Electric StruxureWare SCADA Expert ClearSCADA is a set of energy efficiency management software monitoring platform of French Schneider Electric (Schneider Electric). The platform is primarily used for remote management of critical infrastructure. There is an encryption issue vulnerability in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 to 2014 R1",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5413"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          },
          {
            "db": "BID",
            "id": "69842"
          },
          {
            "db": "IVD",
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73354"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-5413",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-259-01",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "69842",
            "trust": 1.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-259-01A",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-658",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06121",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "DCFE0734-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-73354",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73354"
          },
          {
            "db": "BID",
            "id": "69842"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5413"
          }
        ]
      },
      "id": "VAR-201409-0724",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73354"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          }
        ]
      },
      "last_update_date": "2025-11-19T23:15:03.156000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "StruxureWare SCADA Expert ClearSCADA",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
          },
          {
            "title": "Schneider Electric ClearSCADA has patches for remote unknown vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/50145"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-310",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5413"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2014/icsa-14-259-01a.json"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5413"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5413"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/69842/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73354"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5413"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73354"
          },
          {
            "db": "BID",
            "id": "69842"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5413"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-22T00:00:00",
            "db": "IVD",
            "id": "dcfe0734-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          },
          {
            "date": "2014-09-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73354"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "BID",
            "id": "69842"
          },
          {
            "date": "2014-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-658"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          },
          {
            "date": "2014-09-18T10:55:11.733000",
            "db": "NVD",
            "id": "CVE-2014-5413"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06121"
          },
          {
            "date": "2018-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73354"
          },
          {
            "date": "2014-10-08T07:00:00",
            "db": "BID",
            "id": "69842"
          },
          {
            "date": "2014-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-658"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          },
          {
            "date": "2025-11-04T23:15:33.543000",
            "db": "NVD",
            "id": "CVE-2014-5413"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-658"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA Vulnerable to server impersonation",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004284"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-658"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201409-0723

    Vulnerability from variot - Updated: 2025-11-18 15:15

    Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that allows an attacker to exploit this vulnerability to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0723",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "2014"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "2013"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 1.0,
            "vendor": "clearscada",
            "version": "2013"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "aveva",
            "version": "2013"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "aveva",
            "version": "2010"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2010 r3 (build 72.4560)"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2010 r3.1 (build 72.4644)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1 (build 73.4729)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.1 (build 73.4832)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.1a (build 73.4903)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.2 (build 73.4955)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r2 (build 74.5094)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r2.1 (build 74.5192)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2014 r1 (build 75.5210)"
          },
          {
            "model": "electric clearscada",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "2010"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "clearscada",
            "version": "2010"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada expert clearscada",
            "version": "2013"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada expert clearscada",
            "version": "2014"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5412"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CERT",
        "sources": [
          {
            "db": "BID",
            "id": "69840"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-5412",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-5412",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-5412",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-06087",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-73353",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-5412",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-5412",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-5412",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-06087",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201409-657",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "dcf002d8-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-73353",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73353"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5412"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5412"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. ClearSCADA is an integrated SCADA host platform. Schneider Electric ClearSCADA has a remote security bypass vulnerability that allows an attacker to exploit this vulnerability to bypass security restrictions and perform unauthorized operations. Schneider Electric ClearSCADA is prone to a remote security-bypass vulnerability. The platform is primarily used for remote management of critical infrastructure",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5412"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          },
          {
            "db": "BID",
            "id": "69840"
          },
          {
            "db": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73353"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-5412",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-259-01",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-259-01A",
            "trust": 1.3
          },
          {
            "db": "BID",
            "id": "69840",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-657",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06087",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004283",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "DCF002D8-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-73353",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73353"
          },
          {
            "db": "BID",
            "id": "69840"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5412"
          }
        ]
      },
      "id": "VAR-201409-0723",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73353"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:15:10.874000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "StruxureWare SCADA Expert ClearSCADA",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5135-operating-monitoring/61264-struxureware-scada-expert-clearscada/?xtmc=ClearSCADA\u0026xtcr=1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73353"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5412"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2014/icsa-14-259-01a.json"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5412"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5412"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/69840"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/products/ww/en/"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-259-01a"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73353"
          },
          {
            "db": "BID",
            "id": "69840"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5412"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73353"
          },
          {
            "db": "BID",
            "id": "69840"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5412"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-19T00:00:00",
            "db": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          },
          {
            "date": "2014-09-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73353"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "BID",
            "id": "69840"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-657"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          },
          {
            "date": "2014-09-18T10:55:11.687000",
            "db": "NVD",
            "id": "CVE-2014-5412"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          },
          {
            "date": "2018-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73353"
          },
          {
            "date": "2015-03-19T08:46:00",
            "db": "BID",
            "id": "69840"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-657"
          },
          {
            "date": "2014-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004283"
          },
          {
            "date": "2025-11-04T23:15:33.393000",
            "db": "NVD",
            "id": "CVE-2014-5412"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-657"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric ClearSCADA Remote Security Bypass Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "dcf002d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06087"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-657"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201905-1044

    Vulnerability from variot - Updated: 2025-11-18 15:14

    A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. U.motionBuilder is a generator product from Schneider Electric of France. A security vulnerability exists in SchneiderElectricU.MotionBuildertrack_import_export.phpobject_id. The vulnerability is due to an application failing to properly validate and filter this parameter, and an attacker could exploit the vulnerability to insert arbitrary commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1044",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "u.motion builder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "1.3.4"
          },
          {
            "model": "u.motion builder software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "1.3.4"
          },
          {
            "model": "electric u.motion builder",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "\u003c=1.3.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "u motion builder",
            "version": "1.3.4"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7841"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:u.motion_builder",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Julien Ahrens",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-612"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-7841",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-7841",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-14275",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ab58dace-bec4-420e-bb16-b855ccecebc0",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-7841",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-7841",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7841",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2018-7841",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7841",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-14275",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201905-612",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "ab58dace-bec4-420e-bb16-b855ccecebc0",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-7841",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-612"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7841"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7841"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. U.motionBuilder is a generator product from Schneider Electric of France. A security vulnerability exists in SchneiderElectricU.MotionBuildertrack_import_export.phpobject_id. The vulnerability is due to an application failing to properly validate and filter this parameter, and an attacker could exploit the vulnerability to insert arbitrary commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          },
          {
            "db": "IVD",
            "id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7841"
          }
        ],
        "trust": 2.43
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=46846",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-7841"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7841",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "152862",
            "trust": 1.7
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2019-071-02",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14275",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-612",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015483",
            "trust": 0.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "46846",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "AB58DACE-BEC4-420E-BB16-B855CCECEBC0",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7841",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-612"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7841"
          }
        ]
      },
      "id": "VAR-201905-1044",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:14:19.529000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SEVD-2019-071-02",
            "trust": 0.8,
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-071-02/"
          },
          {
            "title": "advisories",
            "trust": 0.1,
            "url": "https://github.com/MrTuxracer/advisories "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-7841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7841"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://seclists.org/fulldisclosure/2019/may/26"
          },
          {
            "trust": 2.3,
            "url": "http://packetstormsecurity.com/files/152862/schneider-electric-u.motion-builder-1.3.4-command-injection.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-071-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7841"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2018-7841"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7841"
          },
          {
            "trust": 0.7,
            "url": "https://www.exploit-db.com/exploits/46846"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-612"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7841"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-612"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7841"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-15T00:00:00",
            "db": "IVD",
            "id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
          },
          {
            "date": "2019-05-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          },
          {
            "date": "2019-05-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-7841"
          },
          {
            "date": "2019-05-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-612"
          },
          {
            "date": "2019-06-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          },
          {
            "date": "2019-05-22T20:29:01.480000",
            "db": "NVD",
            "id": "CVE-2018-7841"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          },
          {
            "date": "2019-05-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-7841"
          },
          {
            "date": "2019-05-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-612"
          },
          {
            "date": "2019-06-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015483"
          },
          {
            "date": "2025-11-03T18:59:49.653000",
            "db": "NVD",
            "id": "CVE-2018-7841"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-612"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric U.Motion Builder track_import_export.php object_id Unverified command injection vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14275"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "ab58dace-bec4-420e-bb16-b855ccecebc0"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-612"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201409-0721

    Vulnerability from variot - Updated: 2025-11-18 15:07

    Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. Schneider Electric VAMPSET is a free device management software for parameter setting and configuration relaying of VAMP relay protection. Schneider Electric VAMPSET has a local stack buffer overflow vulnerability that fails to properly check for user-entered data as it is copied to the buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application. Failed exploit attempts will result in a denial-of-service condition. VAMPSET 2.2.136 and prior versions are vulnerable. Schneider Electric VAMPSET is a set of software deployed in the energy industry by the French company Schneider Electric to configure and maintain multiple relays and arc monitors

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0721",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vampset",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "schneider electric",
            "version": "2.2.136"
          },
          {
            "model": "electric vampset",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "\u003c=2.2.136"
          },
          {
            "model": "vampset",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "2.2.136"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vampset",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5407"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:vampset",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Aivar Liimets of Martem AS",
        "sources": [
          {
            "db": "BID",
            "id": "69764"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-5407",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CVE-2014-5407",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 2.7,
                "id": "CVE-2014-5407",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CNVD-2014-06017",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "VHN-73348",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-5407",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-5407",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-5407",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-06017",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201409-523",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-73348",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73348"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5407"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5407"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. Schneider Electric VAMPSET is a free device management software for parameter setting and configuration relaying of VAMP relay protection. Schneider Electric VAMPSET has a local stack buffer overflow vulnerability that fails to properly check for user-entered data as it is copied to the buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application. Failed exploit attempts will result in a denial-of-service condition. \nVAMPSET 2.2.136 and prior versions are vulnerable. Schneider Electric VAMPSET is a set of software deployed in the energy industry by the French company Schneider Electric to configure and maintain multiple relays and arc monitors",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5407"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          },
          {
            "db": "BID",
            "id": "69764"
          },
          {
            "db": "IVD",
            "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73348"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-5407",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-254-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "69764",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-523",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004190",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "DCE1BF8E-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-73348",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73348"
          },
          {
            "db": "BID",
            "id": "69764"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5407"
          }
        ]
      },
      "id": "VAR-201409-0721",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73348"
          }
        ],
        "trust": 1.721428565
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:07:13.689000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Vamp Software",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/"
          },
          {
            "title": "Schneider Electric VAMPSET Local Stack Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/50100"
          },
          {
            "title": "VAMP 50 default setting for VAMPSET",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51646"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73348"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5407"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-254-01"
          },
          {
            "trust": 1.4,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5407"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-254-01"
          },
          {
            "trust": 1.0,
            "url": "http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2014/icsa-14-254-01.json"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5407"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/69764"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73348"
          },
          {
            "db": "BID",
            "id": "69764"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5407"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73348"
          },
          {
            "db": "BID",
            "id": "69764"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5407"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-18T00:00:00",
            "db": "IVD",
            "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          },
          {
            "date": "2014-09-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73348"
          },
          {
            "date": "2014-09-11T00:00:00",
            "db": "BID",
            "id": "69764"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-523"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          },
          {
            "date": "2014-09-15T14:55:11.697000",
            "db": "NVD",
            "id": "CVE-2014-5407"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          },
          {
            "date": "2014-09-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73348"
          },
          {
            "date": "2015-03-19T08:44:00",
            "db": "BID",
            "id": "69764"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201409-523"
          },
          {
            "date": "2014-09-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004190"
          },
          {
            "date": "2025-11-03T19:15:38.683000",
            "db": "NVD",
            "id": "CVE-2014-5407"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "69764"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-523"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric VAMPSET Local Stack Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06017"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "dce1bf8e-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201409-523"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0483

    Vulnerability from variot - Updated: 2025-10-07 22:57

    CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France.

    Schneider Electric EVLink WallBox has an operating system command injection vulnerability. Attackers can exploit this vulnerability to remotely control the charging station

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0483",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric evlink wallbox",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          }
        ]
      },
      "cve": "CVE-2025-5743",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2025-15347",
                "impactScore": 7.8,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.2,
                "id": "CVE-2025-5743",
                "impactScore": 4.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-5743",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15347",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5743"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\nvulnerability exists that could cause remote control over the charging station when an authenticated user\nmodifies configuration parameters on the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. \n\nSchneider Electric EVLink WallBox has an operating system command injection vulnerability. Attackers can exploit this vulnerability to remotely control the charging station",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5743"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5743",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-161-03",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5743"
          }
        ]
      },
      "id": "VAR-202506-0483",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          }
        ]
      },
      "last_update_date": "2025-10-07T22:57:56.359000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric EVLink WallBox OS Command Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/706306"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5743"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-03.pdf"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5743"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5743"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5743"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          },
          {
            "date": "2025-06-10T09:15:25.703000",
            "db": "NVD",
            "id": "CVE-2025-5743"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          },
          {
            "date": "2025-10-07T04:16:18.733000",
            "db": "NVD",
            "id": "CVE-2025-5743"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric EVLink WallBox OS Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15347"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202506-0485

    Vulnerability from variot - Updated: 2025-10-07 22:57

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France.

    Schneider Electric EVLink WallBox has a path traversal vulnerability, which is caused by improper path name restriction

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0485",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric evlink wallbox",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          }
        ]
      },
      "cve": "CVE-2025-5740",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2025-15348",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2025-5740",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-5740",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15348",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5740"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. \n\nSchneider Electric EVLink WallBox has a path traversal vulnerability, which is caused by improper path name restriction",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5740"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5740",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-161-03",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5740"
          }
        ]
      },
      "id": "VAR-202506-0485",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          }
        ]
      },
      "last_update_date": "2025-10-07T22:57:56.343000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric EVLink WallBox Path Traversal Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/706291"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5740"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-03.pdf"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5740"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5740"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5740"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          },
          {
            "date": "2025-06-10T09:15:25.093000",
            "db": "NVD",
            "id": "CVE-2025-5740"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          },
          {
            "date": "2025-10-07T04:16:18.470000",
            "db": "NVD",
            "id": "CVE-2025-5740"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric EVLink WallBox Path Traversal Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15348"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201404-0553

    Vulnerability from variot - Updated: 2025-09-26 23:41

    Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Zone overflow vulnerability. Allowing a remote attacker to cause a denial of service through the \342\200\230long\342\200\231 parameter. Multiple Schneider Electric Products are prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input. Attackers can exploit this issue to cause a denial-of-service condition. The following products are vulnerable: TLXCDSUOFS33 3.5 and prior TLXCDSTOFS33 3.5 and prior TLXCDLUOFS33 3.5 and prior TLXCDLTOFS33 3.5 and prior TLXCDLFOFS33 3.5 and prior. The application features easy integration, custom interface and more

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0553",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "opc factory server tlxcdstofs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "model": "opc factory server tlxcdluofs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "model": "opc factory server tlxcdlfofs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "model": "opc factory server tlxcdltofs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "model": "opc factory server tlxcdsuofs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "model": "tlxcdlfofs",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "33 - v3.5"
          },
          {
            "model": "tlxcdltofs",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "33 - v3.5"
          },
          {
            "model": "tlxcdluofs",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "33 - v3.5"
          },
          {
            "model": "tlxcdstofs",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "33 - v3.5"
          },
          {
            "model": "tlxcdsuofs",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "33 - v3.5"
          },
          {
            "model": "electric tlxcdsuofs33",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3.5"
          },
          {
            "model": "electric tlxcdstofs33",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3.5"
          },
          {
            "model": "electric tlxcdluofs33",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3.5"
          },
          {
            "model": "electric tlxcdlfofs33",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3.5"
          },
          {
            "model": "opc factory server tlxcdluofs",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "model": "opc factory server tlxcdstofs",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "model": "opc factory server tlxcdlfofs",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "model": "opc factory server tlxcdsuofs",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "model": "opc factory server tlxcdltofs",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "model": "opc factory server tlxcdsuofs33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "3.5"
          },
          {
            "model": "opc factory server tlxcdstofs33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "3.5"
          },
          {
            "model": "opc factory server tlxcdluofs33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "3.5"
          },
          {
            "model": "opc factory server tlxcdltofs33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "3.5"
          },
          {
            "model": "opc factory server tlxcdlfofs33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "3.5"
          },
          {
            "model": "opc factory server sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "opc factory server tlxcdlfofs",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "opc factory server tlxcdltofs",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "opc factory server tlxcdluofs",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "opc factory server tlxcdstofs",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "opc factory server tlxcdsuofs",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          },
          {
            "db": "BID",
            "id": "66643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0789"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:opc_factory_server_tlxcdlfofs",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:opc_factory_server_tlxcdltofs",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:opc_factory_server_tlxcdluofs",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:opc_factory_server_tlxcdstofs",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:opc_factory_server_tlxcdsuofs",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wei Gao",
        "sources": [
          {
            "db": "BID",
            "id": "66643"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-0789",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0789",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0789",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-02181",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "1ab16a62-2352-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-68282",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-0789",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0789",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-0789",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-02181",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201404-058",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "1ab16a62-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-68282",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68282"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0789"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0789"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Zone overflow vulnerability. Allowing a remote attacker to cause a denial of service through the \\342\\200\\230long\\342\\200\\231 parameter. Multiple Schneider Electric Products are prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input. \nAttackers can exploit this issue to cause a denial-of-service condition. \nThe following products are vulnerable:\nTLXCDSUOFS33 3.5 and prior\nTLXCDSTOFS33 3.5 and prior\nTLXCDLUOFS33 3.5 and prior\nTLXCDLTOFS33 3.5 and prior\nTLXCDLFOFS33 3.5 and prior. The application features easy integration, custom interface and more",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          },
          {
            "db": "BID",
            "id": "66643"
          },
          {
            "db": "IVD",
            "id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68282"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0789",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-093-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "66643",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-058",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02181",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "1AB16A62-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-68282",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68282"
          },
          {
            "db": "BID",
            "id": "66643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0789"
          }
        ]
      },
      "id": "VAR-201404-0553",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68282"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          }
        ]
      },
      "last_update_date": "2025-09-26T23:41:12.986000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Vulnerability Disclosure - OPC Factory Server Buffer Overflow (SEVD 2014-084-01)",
            "trust": 0.8,
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-084-01"
          },
          {
            "title": "Cybersecurity News",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml"
          },
          {
            "title": "Patch for multiple Schneider Electric product heap buffer overflow vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/44691"
          },
          {
            "title": "OFS_CD2906_V350_SP1",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49093"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-68282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0789"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-093-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/content/news/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml"
          },
          {
            "trust": 1.4,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0789"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-093-01"
          },
          {
            "trust": 1.0,
            "url": "http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0789"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/66643"
          },
          {
            "trust": 0.3,
            "url": "http://chemical-facility-security-news.blogspot.com/2014/04/yet-another-schneider-advisory-from-ics.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
          },
          {
            "trust": 0.3,
            "url": "http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/content/news/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerabil"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68282"
          },
          {
            "db": "BID",
            "id": "66643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0789"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68282"
          },
          {
            "db": "BID",
            "id": "66643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-058"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0789"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-04-10T00:00:00",
            "db": "IVD",
            "id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-04-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          },
          {
            "date": "2014-04-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68282"
          },
          {
            "date": "2014-03-25T00:00:00",
            "db": "BID",
            "id": "66643"
          },
          {
            "date": "2014-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-058"
          },
          {
            "date": "2014-04-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          },
          {
            "date": "2014-04-04T15:09:45.917000",
            "db": "NVD",
            "id": "CVE-2014-0789"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-04-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-02181"
          },
          {
            "date": "2014-04-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68282"
          },
          {
            "date": "2014-03-25T00:00:00",
            "db": "BID",
            "id": "66643"
          },
          {
            "date": "2014-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-058"
          },
          {
            "date": "2014-04-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          },
          {
            "date": "2025-09-25T18:15:36.177000",
            "db": "NVD",
            "id": "CVE-2014-0789"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-058"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Schneider Electric OPC Factory Server Product buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001905"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "1ab16a62-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-058"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201402-0350

    Vulnerability from variot - Updated: 2025-09-25 23:24

    Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file.The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric OPC Factory Server (OFS) is a set of data communication editing software of French Schneider Electric (Schneider Electric). The software supports important information access, open page design, transparent architecture and interoperability, etc., enabling users to obtain good process and communication effects. The following versions are affected: Schneider Electric OFS TLXCDSUOFS33 - version 3.35, TLXCDSTOFS33 - version 3.35, TLXCDLUOFS33 - version 3.35, TLXCDLTOFS33 - version 3.35, TLXCDLFOFS33 - version 3.35

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "opc factory server",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "ofs test client tlxcdsuofs33",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "ofs test client tlxcdstofs33",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "ofs test client tlxcdlfofs33",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "ofs test client tlxcdltofs33",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "ofs test client tlxcdluofs33",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "tlxcdlfofs33",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "tlxcdltofs33",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "tlxcdluofs33",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "tlxcdstofs33",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "tlxcdsuofs33",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "opc factory server",
            "scope": null,
            "trust": 0.7,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "_id": null,
            "model": "electric opc factory server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "electric ofs test client tlxcdlfofs33",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "electric ofs test client tlxcdltofs33",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "electric ofs test client tlxcdluofs33",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "electric ofs test client tlxcdstofs33",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": "electric ofs test client tlxcdsuofs33",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ofs test client tlxcdlfofs33",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ofs test client tlxcdltofs33",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ofs test client tlxcdluofs33",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ofs test client tlxcdstofs33",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ofs test client tlxcdsuofs33",
            "version": "3.35"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "opc factory server",
            "version": "3.35"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "301bda5e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-054"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01433"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0774"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:opc_factory_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdlfofs33",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdltofs33",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdluofs33",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdstofs33",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:ofs_test_client_tlxcdsuofs33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "0x7A240E67",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-054"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2014-0774",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "CVE-2014-0774",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.1,
                "id": "CVE-2014-0774",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "CNVD-2014-01433",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "301bda5e-2352-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "VHN-68267",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-0774",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0774",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-0774",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-0774",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-01433",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201402-480",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "301bda5e-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-68267",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "301bda5e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-054"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01433"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68267"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0774"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0774"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file.The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric OPC Factory Server (OFS) is a set of data communication editing software of French Schneider Electric (Schneider Electric). The software supports important information access, open page design, transparent architecture and interoperability, etc., enabling users to obtain good process and communication effects. The following versions are affected: Schneider Electric OFS TLXCDSUOFS33 - version 3.35, TLXCDSTOFS33 - version 3.35, TLXCDLUOFS33 - version 3.35, TLXCDLTOFS33 - version 3.35, TLXCDLFOFS33 - version 3.35",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0774"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-054"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01433"
          },
          {
            "db": "BID",
            "id": "65871"
          },
          {
            "db": "IVD",
            "id": "301bda5e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68267"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0774",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-058-02",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "65871",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-480",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01433",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1881",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-054",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "301BDA5E-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-68267",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "301bda5e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-054"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01433"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68267"
          },
          {
            "db": "BID",
            "id": "65871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0774"
          }
        ]
      },
      "id": "VAR-201402-0350",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "301bda5e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01433"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68267"
          }
        ],
        "trust": 1.7333333333333334
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "301bda5e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01433"
          }
        ]
      },
      "last_update_date": "2025-09-25T23:24:13.357000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "SEVD 2014-031-01",
            "trust": 0.8,
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
          },
          {
            "title": "Schneider Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
          },
          {
            "title": "Patch for Schneider Electric OPC Factory Server Privilege Escalation Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/44015"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-054"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01433"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-68267"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0774"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.2,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-058-02"
          },
          {
            "trust": 2.7,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd%202014-031-01"
          },
          {
            "trust": 1.4,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0774"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/65871"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0774"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-054"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01433"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68267"
          },
          {
            "db": "BID",
            "id": "65871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0774"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "301bda5e-2352-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-054",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01433",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-68267",
            "ident": null
          },
          {
            "db": "BID",
            "id": "65871",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-480",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0774",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-03-05T00:00:00",
            "db": "IVD",
            "id": "301bda5e-2352-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2014-04-03T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-054",
            "ident": null
          },
          {
            "date": "2014-03-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01433",
            "ident": null
          },
          {
            "date": "2014-02-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68267",
            "ident": null
          },
          {
            "date": "2014-02-27T00:00:00",
            "db": "BID",
            "id": "65871",
            "ident": null
          },
          {
            "date": "2014-02-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-480",
            "ident": null
          },
          {
            "date": "2014-03-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001524",
            "ident": null
          },
          {
            "date": "2014-02-28T06:18:54.277000",
            "db": "NVD",
            "id": "CVE-2014-0774",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-04-03T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-054",
            "ident": null
          },
          {
            "date": "2014-03-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01433",
            "ident": null
          },
          {
            "date": "2015-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68267",
            "ident": null
          },
          {
            "date": "2014-08-01T00:02:00",
            "db": "BID",
            "id": "65871",
            "ident": null
          },
          {
            "date": "2014-03-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-480",
            "ident": null
          },
          {
            "date": "2014-03-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001524",
            "ident": null
          },
          {
            "date": "2025-09-24T22:15:34.533000",
            "db": "NVD",
            "id": "CVE-2014-0774",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "65871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-480"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "_id": null,
        "data": "Schneider Electric OPC Factory Server of  C++ Sample client stack-based buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001524"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "301bda5e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-480"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201403-0444

    Vulnerability from variot - Updated: 2025-09-25 23:18

    The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \"PLC Driver\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0444",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "aveva",
            "version": "2013"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 1.0,
            "vendor": "clearscada",
            "version": "2013"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "aveva",
            "version": "2010"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.8,
            "vendor": "clearscada",
            "version": "2010"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2010 r2 (build 71.4165)"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2010 r2.1 (build 71.4325)"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2010 r3 (build 72.4560)"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2010 r3.1 (build 72.4644)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1 (build 73.4729)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.1 (build 73.4832)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.1a (build 73.4903)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r1.2 (build 73.4955)"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "2013 r2 (build 74.5094)"
          },
          {
            "model": "clearscada",
            "scope": null,
            "trust": 0.7,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "electric clearscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "2013"
          },
          {
            "model": "electric clearscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "2010"
          },
          {
            "model": "clearscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "2010"
          },
          {
            "model": "scada expert clearscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "2013"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-059"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01024"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0779"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:scada_expert_clearscada",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andrew Brooks",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-059"
          },
          {
            "db": "BID",
            "id": "65476"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2014-0779",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2014-0779",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 3.5,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-01024",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "285fdc02-2352-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-68272",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-0779",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0779",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-0779",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-0779",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-01024",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201403-250",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "285fdc02-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-68272",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-059"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0779"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0779"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OPF files.  The issue lies in a failure to validate a length specifier before using it as an index into an array.  An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \\\"PLC Driver\\\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0779"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-059"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01024"
          },
          {
            "db": "BID",
            "id": "65476"
          },
          {
            "db": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68272"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0779",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-072-01",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "65476",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-250",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01024",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1876",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-059",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "285FDC02-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-68272",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-059"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68272"
          },
          {
            "db": "BID",
            "id": "65476"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0779"
          }
        ]
      },
      "id": "VAR-201403-0444",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68272"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01024"
          }
        ]
      },
      "last_update_date": "2025-09-25T23:18:43.147000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SEVD 2014-024-01",
            "trust": 0.8,
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
          },
          {
            "title": "Schneider Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-68272"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0779"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-072-01"
          },
          {
            "trust": 1.7,
            "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-024-01"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0779"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0779"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/65476"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-059"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68272"
          },
          {
            "db": "BID",
            "id": "65476"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0779"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-059"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68272"
          },
          {
            "db": "BID",
            "id": "65476"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0779"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-02-18T00:00:00",
            "db": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-04-03T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-059"
          },
          {
            "date": "2014-02-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01024"
          },
          {
            "date": "2014-03-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68272"
          },
          {
            "date": "2014-01-24T00:00:00",
            "db": "BID",
            "id": "65476"
          },
          {
            "date": "2014-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201403-250"
          },
          {
            "date": "2014-03-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          },
          {
            "date": "2014-03-14T10:55:05.803000",
            "db": "NVD",
            "id": "CVE-2014-0779"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-04-03T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-059"
          },
          {
            "date": "2014-02-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01024"
          },
          {
            "date": "2018-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68272"
          },
          {
            "date": "2015-03-19T09:33:00",
            "db": "BID",
            "id": "65476"
          },
          {
            "date": "2014-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201403-250"
          },
          {
            "date": "2014-03-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          },
          {
            "date": "2025-09-24T22:15:35.147000",
            "db": "NVD",
            "id": "CVE-2014-0779"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-250"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric StruxureWare SCADA Expert ClearSCADA of  Kepware KepServerEX 4 Component  ServerMain.exe Inside  PLC Service disruption in drivers  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001653"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "285fdc02-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-250"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201402-0349

    Vulnerability from variot - Updated: 2025-09-20 23:07

    Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Attackers can leverage this issue to gain escalated privileges

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201402-0349",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "floating license manager",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "1.0.0"
          },
          {
            "model": "floating license manager",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "1.4.0"
          },
          {
            "model": "floating license manager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "1.0.0 to  1.4.0"
          },
          {
            "model": "electric floating license manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "1.0.0-1.4.0"
          },
          {
            "model": "floating license manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "1.4"
          },
          {
            "model": "floating license manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "1.3"
          },
          {
            "model": "floating license manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "1.2"
          },
          {
            "model": "floating license manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "1.1"
          },
          {
            "model": "floating license manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "1.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "floating license manager",
            "version": "1.0.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "floating license manager",
            "version": "1.4.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "302331f0-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "db": "BID",
            "id": "65873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0759"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:floating_license_manager",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "65873"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-0759",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "CVE-2014-0759",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 2.9,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "CNVD-2014-01407",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "302331f0-2352-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "VHN-68252",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-0759",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0759",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-0759",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-01407",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201402-479",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "302331f0-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-68252",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-0759",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "302331f0-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68252"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0759"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0759"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0759"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. \nAttackers can leverage this issue to gain escalated privileges",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0759"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "db": "BID",
            "id": "65873"
          },
          {
            "db": "IVD",
            "id": "302331f0-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68252"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0759"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0759",
            "trust": 3.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-058-01",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "65873",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-479",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001523",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "302331F0-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-68252",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0759",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "302331f0-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68252"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0759"
          },
          {
            "db": "BID",
            "id": "65873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0759"
          }
        ]
      },
      "id": "VAR-201402-0349",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "302331f0-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68252"
          }
        ],
        "trust": 1.4916666699999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "302331f0-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          }
        ]
      },
      "last_update_date": "2025-09-20T23:07:13.028000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SEVD-2014-015-01",
            "trust": 0.8,
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
          },
          {
            "title": "Patch for Schneider Electric Floating License Manager Privilege Escalation Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/44006"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Ontothecloud/cwe-428 "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Ontothecloud/CWE-428 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0759"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-428",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0759"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-058-01"
          },
          {
            "trust": 1.8,
            "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-015-01"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0759"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0759"
          },
          {
            "trust": 0.3,
            "url": "www.controlmicrosystems.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ontothecloud/cwe-428"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68252"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0759"
          },
          {
            "db": "BID",
            "id": "65873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0759"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "302331f0-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68252"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0759"
          },
          {
            "db": "BID",
            "id": "65873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0759"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-04T00:00:00",
            "db": "IVD",
            "id": "302331f0-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-03-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "date": "2014-02-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68252"
          },
          {
            "date": "2014-02-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0759"
          },
          {
            "date": "2014-02-27T00:00:00",
            "db": "BID",
            "id": "65873"
          },
          {
            "date": "2014-02-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-479"
          },
          {
            "date": "2014-03-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          },
          {
            "date": "2014-02-28T06:18:54.260000",
            "db": "NVD",
            "id": "CVE-2014-0759"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "date": "2014-02-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68252"
          },
          {
            "date": "2014-02-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0759"
          },
          {
            "date": "2014-02-27T00:00:00",
            "db": "BID",
            "id": "65873"
          },
          {
            "date": "2014-03-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-479"
          },
          {
            "date": "2014-03-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001523"
          },
          {
            "date": "2025-09-19T19:15:36.973000",
            "db": "NVD",
            "id": "CVE-2014-0759"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "65873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-479"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Floating License Manager Privilege Escalation Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01407"
          },
          {
            "db": "BID",
            "id": "65873"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "IVD",
            "id": "302331f0-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-479"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202406-0502

    Vulnerability from variot - Updated: 2025-09-19 23:13

    CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. Schneider Electric of Modicon M340 firmware, BMXNOE0100 firmware, BMXNOE0110 Firmware contains vulnerabilities related to externally accessible files or directories.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, a French company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202406-0502",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "bmxnoe0110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "*"
          },
          {
            "model": "bmxnoe0100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "*"
          },
          {
            "model": "modicon m340",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "*"
          },
          {
            "model": "bmxnoe0100",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "bmxnoe0110",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "electric modicon m340",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-006466"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5056"
          }
        ]
      },
      "cve": "CVE-2024-5056",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2024-29560",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-5056",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2024-5056",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-5056",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2024-5056",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-5056",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-29560",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-006466"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5056"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5056"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem. Schneider Electric of Modicon M340 firmware, BMXNOE0100 firmware, BMXNOE0110 Firmware contains vulnerabilities related to externally accessible files or directories.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, a French company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5056"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-006466"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-5056",
            "trust": 3.2
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2024-163-01",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-254-09",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90637001",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-006466",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-29560",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-006466"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5056"
          }
        ]
      },
      "id": "VAR-202406-0502",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          }
        ],
        "trust": 1.5935065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          }
        ]
      },
      "last_update_date": "2025-09-19T23:13:14.015000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric Modicon M340 Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/563691"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-552",
            "trust": 1.0
          },
          {
            "problemtype": "Externally accessible file or directory (CWE-552) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-006466"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5056"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2024-163-01\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2024-163-01.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90637001/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-5056"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-09"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-006466"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5056"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-006466"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5056"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-06-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          },
          {
            "date": "2024-08-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-006466"
          },
          {
            "date": "2024-06-12T12:15:10.233000",
            "db": "NVD",
            "id": "CVE-2024-5056"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-06-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-29560"
          },
          {
            "date": "2025-09-16T05:16:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-006466"
          },
          {
            "date": "2024-08-23T16:04:14.643000",
            "db": "NVD",
            "id": "CVE-2024-5056"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerabilities related to externally accessible files or directories in the product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-006466"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201502-0244

    Vulnerability from variot - Updated: 2025-09-07 23:20

    Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. The control does not check the length of an attacker-supplied string in the RemoveParameter method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric Unity Pro, etc. are all products of French Schneider Electric (Schneider Electric). Schneider Electric Unity Pro is a set of development software for testing, debugging and managing applications; SoMachine is a set of original equipment manufacturer (OEM) automation platform integrated with Vijeo-Designer (human machine interface HMI development software); SoMove is a Installation software for motor control equipment

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0244",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "somachine",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "somove lite",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "unity pro",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "somove",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "somove lite",
            "scope": null,
            "trust": 1.5,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "somachine",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "somove",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "unity pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "electric unity pro",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric somachine",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric somove lite",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric somove",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric modbus communication library",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "\u003c=2.2.6"
          },
          {
            "model": "electric canopen communication library",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "\u003c=1.0.2"
          },
          {
            "model": "electric ethernet/ip communication librar",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "\u003c=1.0.0"
          },
          {
            "model": "electric xantrex dtms",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric solo dtm",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric advantys dtms",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric em gateway dtm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "x80"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "somachine",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "somove",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "somove lite",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "unity pro",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a52677d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-040"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9200"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:somachine",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:somove",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:somove_lite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:unity_pro",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ariele Caltabiano (kimiya)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-040"
          },
          {
            "db": "BID",
            "id": "72335"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2014-9200",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-9200",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 3.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-00775",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "a52677d8-2351-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-77145",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-9200",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-9200",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-9200",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-9200",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-00775",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201502-005",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "a52677d8-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-77145",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a52677d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-040"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77145"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9200"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9200"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. The control does not check the length of an attacker-supplied string in the RemoveParameter method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric Unity Pro, etc. are all products of French Schneider Electric (Schneider Electric). Schneider Electric Unity Pro is a set of development software for testing, debugging and managing applications; SoMachine is a set of original equipment manufacturer (OEM) automation platform integrated with Vijeo-Designer (human machine interface HMI development software); SoMove is a Installation software for motor control equipment",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9200"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-040"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          },
          {
            "db": "BID",
            "id": "72335"
          },
          {
            "db": "IVD",
            "id": "a52677d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77145"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-9200",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-027-02",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "72335",
            "trust": 2.0
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2015-009-01",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-005",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00775",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-2478",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-040",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "A52677D8-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-77145",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a52677d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-040"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77145"
          },
          {
            "db": "BID",
            "id": "72335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9200"
          }
        ]
      },
      "id": "VAR-201502-0244",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "a52677d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77145"
          }
        ],
        "trust": 1.84333333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a52677d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          }
        ]
      },
      "last_update_date": "2025-09-07T23:20:15.580000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SEVD-2015-009-01",
            "trust": 0.8,
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01"
          },
          {
            "title": "Schneider Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02"
          },
          {
            "title": "Patch for multiple Schneider Electric product stack buffer overflow vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/54843"
          },
          {
            "title": "FDT1 DLL Removal Patch",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53580"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-040"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-77145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9200"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-027-02"
          },
          {
            "trust": 2.7,
            "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-009-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/72335"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-027-02"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9200"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9200"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-040"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77145"
          },
          {
            "db": "BID",
            "id": "72335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9200"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "a52677d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-040"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77145"
          },
          {
            "db": "BID",
            "id": "72335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9200"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-02-02T00:00:00",
            "db": "IVD",
            "id": "a52677d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-02-10T00:00:00",
            "db": "ZDI",
            "id": "ZDI-15-040"
          },
          {
            "date": "2015-01-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          },
          {
            "date": "2015-02-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77145"
          },
          {
            "date": "2015-01-09T00:00:00",
            "db": "BID",
            "id": "72335"
          },
          {
            "date": "2015-02-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201502-005"
          },
          {
            "date": "2015-02-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          },
          {
            "date": "2015-02-01T15:59:06.197000",
            "db": "NVD",
            "id": "CVE-2014-9200"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-02-10T00:00:00",
            "db": "ZDI",
            "id": "ZDI-15-040"
          },
          {
            "date": "2015-02-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00775"
          },
          {
            "date": "2016-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77145"
          },
          {
            "date": "2015-07-15T00:14:00",
            "db": "BID",
            "id": "72335"
          },
          {
            "date": "2015-02-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201502-005"
          },
          {
            "date": "2015-02-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          },
          {
            "date": "2025-09-05T22:15:33.803000",
            "db": "NVD",
            "id": "CVE-2014-9200"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-005"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Schneider Electric Product  DTM Unspecified development kit  DLL File stack-based buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007827"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "a52677d8-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-005"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201501-0403

    Vulnerability from variot - Updated: 2025-09-07 23:19

    The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. Schneider Electric ETG3000 FactoryCast HMI Gateway is a new intelligent web gateway. This BID is being retired as a duplicate of BID 72258. This may aid in further attacks. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0403",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tsxetg3022",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3021",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3010",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3000",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "electric etg3000 factorycast hmi gateway",
            "scope": null,
            "trust": 1.2,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "schneider electric",
            "version": "1.60.4"
          },
          {
            "model": "etg3000 factorycast hmi gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "1.60.4"
          },
          {
            "model": "etg3000 factorycast hmi gateway",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "1.60 ir 04"
          },
          {
            "model": "tsxetg3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3010",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3021",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3022",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway tsxetg3022",
            "scope": null,
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway tsxetg3021",
            "scope": null,
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway tsxetg3010",
            "scope": null,
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway tsxetg3000",
            "scope": null,
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway ir",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "1.6004"
          },
          {
            "model": "factorycast hmi gateway",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "etg3000",
            "version": "3.12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "tsxetg3021",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "tsxetg3000",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "etg3000 factorycast hmi gateway",
            "version": "1.60.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "tsxetg3022",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "tsxetg3010",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "a629a808-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          },
          {
            "db": "BID",
            "id": "77765"
          },
          {
            "db": "BID",
            "id": "72258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9198"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:schneider_electric:etg3000_factorycast_hmi_gateway_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:tsxetg3000",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:tsxetg3010",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:tsxetg3021",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:tsxetg3022",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown,Narendra Shinde of Qualys Security",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-613"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2014-9198",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-9198",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 2.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-00498",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-00647",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "a629a808-2351-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-77143",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-9198",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-9198",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-9198",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-00498",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-00647",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201501-613",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201501-634",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "a629a808-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-77143",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "a629a808-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9198"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9198"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. Schneider Electric ETG3000 FactoryCast HMI Gateway is a new intelligent web gateway.  This BID is being retired as a duplicate of BID 72258. This may  aid in further  attacks. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9198"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          },
          {
            "db": "BID",
            "id": "77765"
          },
          {
            "db": "BID",
            "id": "72258"
          },
          {
            "db": "IVD",
            "id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "a629a808-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77143"
          }
        ],
        "trust": 3.69
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-9198",
            "trust": 4.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-020-02",
            "trust": 4.3
          },
          {
            "db": "BID",
            "id": "72258",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "77765",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-613",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00647",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007804",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-634",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "1D9BBECC-1E97-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "A629A808-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-77143",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "a629a808-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77143"
          },
          {
            "db": "BID",
            "id": "77765"
          },
          {
            "db": "BID",
            "id": "72258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9198"
          }
        ]
      },
      "id": "VAR-201501-0403",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "a629a808-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77143"
          }
        ],
        "trust": 2.5181818
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 1.2
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "a629a808-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          }
        ]
      },
      "last_update_date": "2025-09-07T23:19:23.715000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TSX ETG 30xx V1.60 IR04",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe=true\u0026amp;reference=ETG30xxV160-IR04"
          },
          {
            "title": "Schneider Electric ETG3000 FactoryCast HMI Gateway FTP built-in password vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/54452"
          },
          {
            "title": "Schneider Electric ETG3000 FactoryCast HMI Gateway verifies patches for bypassing vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/54278"
          },
          {
            "title": "ETG30xx_V1.60.4_UpgradeFw",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53568"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-77143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9198"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-020-02"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/72258"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/77765"
          },
          {
            "trust": 1.4,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9198"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9198"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77143"
          },
          {
            "db": "BID",
            "id": "77765"
          },
          {
            "db": "BID",
            "id": "72258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9198"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "a629a808-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77143"
          },
          {
            "db": "BID",
            "id": "77765"
          },
          {
            "db": "BID",
            "id": "72258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9198"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-01-27T00:00:00",
            "db": "IVD",
            "id": "1d9bbecc-1e97-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-01-23T00:00:00",
            "db": "IVD",
            "id": "a629a808-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-01-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "date": "2015-01-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          },
          {
            "date": "2015-01-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77143"
          },
          {
            "date": "2015-01-27T00:00:00",
            "db": "BID",
            "id": "77765"
          },
          {
            "date": "2015-01-21T00:00:00",
            "db": "BID",
            "id": "72258"
          },
          {
            "date": "2015-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201501-613"
          },
          {
            "date": "2015-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201501-634"
          },
          {
            "date": "2015-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          },
          {
            "date": "2015-01-27T19:59:10.810000",
            "db": "NVD",
            "id": "CVE-2014-9198"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-01-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          },
          {
            "date": "2015-01-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00647"
          },
          {
            "date": "2019-04-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77143"
          },
          {
            "date": "2019-04-12T18:00:00",
            "db": "BID",
            "id": "77765"
          },
          {
            "date": "2019-04-12T19:00:00",
            "db": "BID",
            "id": "72258"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201501-613"
          },
          {
            "date": "2021-09-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201501-634"
          },
          {
            "date": "2015-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007804"
          },
          {
            "date": "2025-09-05T22:15:33.430000",
            "db": "NVD",
            "id": "CVE-2014-9198"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "77765"
          },
          {
            "db": "BID",
            "id": "72258"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric ETG3000 FactoryCast HMI Gateway FTP Built-in password vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "a629a808-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00498"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-613"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201501-0402

    Vulnerability from variot - Updated: 2025-09-07 23:19

    The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Schneider Electric ETG3000 FactoryCast HMI Gateway is a web-based SCADA system. The vulnerability is caused by the program not enforcing adequate access controls when storing the rde.jar file in the web root directory

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0402",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "etg3000 factorycast hmi gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "1.60.2"
          },
          {
            "model": "tsxetg3022",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3021",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "1.60 ir 04"
          },
          {
            "model": "tsxetg3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3010",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3021",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetg3022",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "electric etg3000 factorycast hmi gateway",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway tsxetg3022",
            "scope": null,
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway tsxetg3021",
            "scope": null,
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway tsxetg3010",
            "scope": null,
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "etg3000 factorycast hmi gateway tsxetg3000",
            "scope": null,
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "etg3000 factorycast hmi gateway",
            "version": "1.60.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "tsxetg3000",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "tsxetg3010",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "tsxetg3021",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "tsxetg3022",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          },
          {
            "db": "BID",
            "id": "72254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9197"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:schneider_electric:etg3000_factorycast_hmi_gateway_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:tsxetg3000",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:tsxetg3010",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:tsxetg3021",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:tsxetg3022",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Narendra Shinde of Qualys Security",
        "sources": [
          {
            "db": "BID",
            "id": "72254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-9197",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-9197",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-9197",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-00648",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "a627b6e2-2351-11e6-abef-000c29c66e3d",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-77142",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-9197",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-9197",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-9197",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-00648",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201501-616",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "a627b6e2-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-77142",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77142"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9197"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9197"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Schneider Electric ETG3000 FactoryCast HMI Gateway is a web-based SCADA system. The vulnerability is caused by the program not enforcing adequate access controls when storing the rde.jar file in the web root directory",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9197"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          },
          {
            "db": "BID",
            "id": "72254"
          },
          {
            "db": "IVD",
            "id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77142"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-9197",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-020-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "72254",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-616",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007803",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "A627B6E2-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-77142",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77142"
          },
          {
            "db": "BID",
            "id": "72254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9197"
          }
        ]
      },
      "id": "VAR-201501-0402",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77142"
          }
        ],
        "trust": 1.7181818
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          }
        ]
      },
      "last_update_date": "2025-09-07T23:19:23.671000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TSX ETG 30xx V1.60 IR04",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe=true\u0026amp;reference=ETG30xxV160-IR04"
          },
          {
            "title": "Schneider Electric ETG3000 FactoryCast HMI Gateway Unauthorized Access Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/54277"
          },
          {
            "title": "ETG30xx_V1.60.4_UpgradeFw",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53568"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-77142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9197"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-020-02"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/72254"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9197"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9197"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77142"
          },
          {
            "db": "BID",
            "id": "72254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9197"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77142"
          },
          {
            "db": "BID",
            "id": "72254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9197"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-01-27T00:00:00",
            "db": "IVD",
            "id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-01-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          },
          {
            "date": "2015-01-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77142"
          },
          {
            "date": "2015-01-20T00:00:00",
            "db": "BID",
            "id": "72254"
          },
          {
            "date": "2015-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          },
          {
            "date": "2015-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          },
          {
            "date": "2015-01-27T19:59:00.040000",
            "db": "NVD",
            "id": "CVE-2014-9197"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-01-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          },
          {
            "date": "2015-01-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77142"
          },
          {
            "date": "2015-01-20T00:00:00",
            "db": "BID",
            "id": "72254"
          },
          {
            "date": "2015-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          },
          {
            "date": "2015-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007803"
          },
          {
            "date": "2025-09-05T22:15:33.210000",
            "db": "NVD",
            "id": "CVE-2014-9197"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric ETG3000 FactoryCast HMI Gateway Unauthorized Access Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "a627b6e2-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00648"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-616"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201410-1134

    Vulnerability from variot - Updated: 2025-08-26 23:21

    Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential. Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by French Schneider Electric (Schneider Electric). The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1134",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tsxp574823m",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxp572634m",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxety5103c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxety110ws",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "171ccc96020c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxp574823mc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxp3420302h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxety5103",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxp342020h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "stbnic2212",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "171ccc98030",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetz410",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxp342030h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "171ccc96030c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxp574634m",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxety4103",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxnoe0110h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxety110wsc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxp573634m",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m580 bmxnoc0402",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetz510",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "stbnip2212",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "171ccc98020",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxwmy100c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetc0101",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxntp100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxp342020",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxnoe0110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxnoc0401",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxwmy100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxnoe0100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxp574823am",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxp573623mc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxetc100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxp342030",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxety4103c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxp576634m",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxnor0200h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "171ccc96030",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxp575634m",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "171ccc96020",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "tsxp571634m",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340 bmxp3420302",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "140cpu65x exec 5.5"
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "140noc78x exec 1.62"
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "140noe77x exec 6.2"
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "bmxnoc0401 2.05"
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "bmxnoe0100 2.9"
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "bmxnoe0110x exec 6.0"
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "tsxetc101 exec 2.04"
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "tsxety4103x exec 5.7"
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "tsxety5103x exec 5.9"
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "tsxp57x ethernet copro exec 5.5"
          },
          {
            "model": "modicon plc ethernet communication module",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "tsxp57x etyport exec 5.7"
          },
          {
            "model": "electric modicon plc ethernet module",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "modicon plc ethernet module",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "bmxp3420302h"
          },
          {
            "model": "modicon plc ethernet module",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "bmxp342030h"
          },
          {
            "model": "modicon plc ethernet module",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "tsxp573634m"
          },
          {
            "model": "modicon plc ethernet module",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "140cpu65160"
          },
          {
            "model": "modicon plc ethernet module",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "tsxp572623mc"
          },
          {
            "model": "modicon plc ethernet module",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "tsxp572623m"
          },
          {
            "model": "modicon plc ethernet module",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "140cpu65150"
          },
          {
            "model": "modicon plc ethernet module",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "171ccc96020"
          },
          {
            "model": "modicon plc ethernet module",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "140cpu65260"
          },
          {
            "model": "modicon plc ethernet module",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "171ccc96020c"
          },
          {
            "model": "tsxwmy100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxwmy10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp576634",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp575634",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp574823m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp574823a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp574823",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp574634",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp573634",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp573623m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp573623a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp573623",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp572823m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp572823",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp572634",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp572623mc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp572623m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxp571634m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxntp100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxetz510",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxetz410",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxety5103c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxety5103",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxety4103c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxety4103",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxety110wsc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxety110ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxetc100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "tsxetc0101",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxprmxxxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxp342030h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxp3420302h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxp342030",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxp342020h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxp342020",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxnor0200h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxnoe0110h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxnoe0110",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxnoe0100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxnoc0402",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxnoc0401",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmx noe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "01100"
          },
          {
            "model": "171ccc98030",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "171ccc98020",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "171ccc96030c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "171ccc96030",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "171ccc96020c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "171ccc96020",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "170ent11002",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "170ent11001",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140nwm10000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140noe77111c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140noe77111",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140noe77110",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140noe77101c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140noe77101",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140noe77100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140noc78100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140noc78000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140noc77100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140cpu65260",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140cpu65160",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "140cpu65150",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "0"
          },
          {
            "model": "bmxnor0200h",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140cpu65150",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140cpu65160",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140cpu65260",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140noc77100",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140noc78000",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140noe77100",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140noe77101",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140noe77101c",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140noe77110",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140noe77111",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140noe77111c",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "140nwm10000",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "170ent11001",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "170ent11002",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "170ent11002c",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "171ccc96020",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "171ccc96020c",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "171ccc96030",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "171ccc96030c",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "171ccc98020",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "171ccc98030",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxnoc0401",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxnoc0402",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxnoe0100",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxnoe0110",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxnoe0110h",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxp342020",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxp342020h",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxp342030",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxp342030h",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxp3420302",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxp3420302h",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "bmxprmxxxx",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "stbnic2212",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "stbnip2212",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxetc100",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxetc0101",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxety110ws",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxety110wsc",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxety4103",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxety4103c",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxety5103",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxety5103c",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxetz410",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxetz510",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxntp100",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp571634m",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp572623m",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp572623mc",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp572823m",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp572823mc",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp573623am",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp573623m",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp573623mc",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp573634m",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp574634m",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp574823am",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp574823m",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp574823mc",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp575634m",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxp576634m",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxwmy100",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          },
          {
            "model": "tsxwmy100c",
            "scope": null,
            "trust": 0.2,
            "vendor": "modicon plc ethernet module",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          },
          {
            "db": "BID",
            "id": "70193"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-075"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0754"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:schneider_electric:modicon_plc_ethernet_module",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Billy Rios",
        "sources": [
          {
            "db": "BID",
            "id": "70193"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-0754",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0754",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 2.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-06695",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "cce5fe38-2351-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-68247",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-0754",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0754",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-0754",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-06695",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201410-075",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "cce5fe38-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-68247",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68247"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-075"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0754"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0754"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential. \nExploiting this issue can allow an attacker to gain access to arbitrary  files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by French Schneider Electric (Schneider Electric). The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0754"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          },
          {
            "db": "BID",
            "id": "70193"
          },
          {
            "db": "IVD",
            "id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68247"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0754",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-273-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "70193",
            "trust": 2.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2014-260-01",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-075",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06695",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "CCE5FE38-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-68247",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68247"
          },
          {
            "db": "BID",
            "id": "70193"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-075"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0754"
          }
        ]
      },
      "id": "VAR-201410-1134",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68247"
          }
        ],
        "trust": 1.691666675
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          }
        ]
      },
      "last_update_date": "2025-08-26T23:21:37.378000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Modicon PLC Ethernet Communication Modules",
            "trust": 0.8,
            "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
          },
          {
            "title": "Patches for multiple Schneider Electric product catalog traversal vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/50841"
          },
          {
            "title": "BMXNOE0100+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54170"
          },
          {
            "title": "BMXNOE0110+Web+and+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54171"
          },
          {
            "title": "140NOE77101+Exec+For+Unity+Users",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54184"
          },
          {
            "title": "140NOE77101+Exec+For+Non+Unity+Users",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54183"
          },
          {
            "title": "140NOE77111+Exec+For+Unity+and+Non+Unity+Users",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54185"
          },
          {
            "title": "140CPU65260+Quantum+Copro+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54180"
          },
          {
            "title": "140CPU65160+Quantum+Copro+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54179"
          },
          {
            "title": "140CPU65150+Quantum+CoPro+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54178"
          },
          {
            "title": "140NOC78000+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54181"
          },
          {
            "title": "TSXP575634M+Premium+Copro+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54176"
          },
          {
            "title": "TSXP574634M+Premium+Copro+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54175"
          },
          {
            "title": "TSXP576634M+Premium+Copro+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54177"
          },
          {
            "title": "TSXETC101+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54172"
          },
          {
            "title": "140NOC78100+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54182"
          },
          {
            "title": "TSXP573634M+ETY+Port+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54188"
          },
          {
            "title": "TSXP572634M+ETY+Port+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54187"
          },
          {
            "title": "TSXETY5103+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54174"
          },
          {
            "title": "TSXP571634M+ETY+Port+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54186"
          },
          {
            "title": "TSXETY4103+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54173"
          },
          {
            "title": "BMXNOC0401+Exec",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54169"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-075"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-68247"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0754"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-273-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/70193"
          },
          {
            "trust": 1.6,
            "url": "http://download.schneider-electric.com/files?p_reference=sevd-2014-260-01\u0026p_endoctype=software%20-%20updates\u0026p_file_id=608959359\u0026p_file_name=sevd-2014-260-01.pdf"
          },
          {
            "trust": 1.3,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2014-260-01"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0754"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0754"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
          },
          {
            "trust": 0.1,
            "url": "http://download.schneider-electric.com/files?p_reference=sevd-2014-260-01\u0026amp;p_endoctype=software%20-%20updates\u0026amp;p_file_id=608959359\u0026amp;p_file_name=sevd-2014-260-01.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68247"
          },
          {
            "db": "BID",
            "id": "70193"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-075"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0754"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68247"
          },
          {
            "db": "BID",
            "id": "70193"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-075"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0754"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-10-14T00:00:00",
            "db": "IVD",
            "id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          },
          {
            "date": "2014-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68247"
          },
          {
            "date": "2014-09-30T00:00:00",
            "db": "BID",
            "id": "70193"
          },
          {
            "date": "2014-10-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          },
          {
            "date": "2014-10-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-075"
          },
          {
            "date": "2014-10-03T18:55:06.017000",
            "db": "NVD",
            "id": "CVE-2014-0754"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06695"
          },
          {
            "date": "2016-04-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68247"
          },
          {
            "date": "2014-09-30T00:00:00",
            "db": "BID",
            "id": "70193"
          },
          {
            "date": "2014-10-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          },
          {
            "date": "2022-02-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-075"
          },
          {
            "date": "2025-08-26T00:15:30.757000",
            "db": "NVD",
            "id": "CVE-2014-0754"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-075"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Modicon PLC Ethernet Module  SchneiderWEB Vulnerable to directory traversal",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004531"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal",
        "sources": [
          {
            "db": "IVD",
            "id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-075"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201501-0398

    Vulnerability from variot - Updated: 2025-07-26 23:17

    Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Attackers can exploit this issue to execute arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions. Wonderware InTouch Access Anywhere Server 10.6 and 11.0 are vulnerable; other versions may also be affected. Schneider Electric Wonderware InTouch is an open, scalable HMI and SCADA monitoring solution from Schneider Electric, France, that creates standardized, reusable visualization applications

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0398",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wonderware intouch access anywhere server",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "schneider electric",
            "version": "10.6"
          },
          {
            "model": "wonderware intouch access anywhere server",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "schneider electric",
            "version": "11.0"
          },
          {
            "model": "electric wonderware intouch access anywhere server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "10.6"
          },
          {
            "model": "electric wonderware intouch access anywhere server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "11.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wonderware intouch access anywhere server",
            "version": "10.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wonderware intouch access anywhere server",
            "version": "11.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-201"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9190"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:wonderware_intouch_access_anywhere_server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "71951"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-9190",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-9190",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 2.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-00342",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "aad6dba0-2351-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-77135",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-9190",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-9190",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-9190",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-00342",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201501-201",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "aad6dba0-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-77135",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-201"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9190"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9190"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions. \nWonderware InTouch Access Anywhere Server 10.6 and 11.0 are vulnerable; other versions may also be affected. Schneider Electric Wonderware InTouch is an open, scalable HMI and SCADA monitoring solution from Schneider Electric, France, that creates standardized, reusable visualization applications",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          },
          {
            "db": "BID",
            "id": "71951"
          },
          {
            "db": "IVD",
            "id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77135"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-9190",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-008-02",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "71951",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-201",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007575",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "AAD6DBA0-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-77135",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77135"
          },
          {
            "db": "BID",
            "id": "71951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-201"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9190"
          }
        ]
      },
      "id": "VAR-201501-0398",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77135"
          }
        ],
        "trust": 1.775
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          }
        ]
      },
      "last_update_date": "2025-07-26T23:17:49.365000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Web HMI and Mobile SCADA: Wonderware InTouch Access Anywhere",
            "trust": 0.8,
            "url": "http://software.invensys.com/products/wonderware/hmi-and-supervisory-control/intouch-access-anywhere/"
          },
          {
            "title": "Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/53978"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-77135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9190"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-008-02"
          },
          {
            "trust": 1.7,
            "url": "https://wdnresource.wonderware.com/support/docs/_securitybulletins/security_bulletin_lfsec00000104.pdf"
          },
          {
            "trust": 1.4,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9190"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-008-02"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9190"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/71951/"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77135"
          },
          {
            "db": "BID",
            "id": "71951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-201"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9190"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77135"
          },
          {
            "db": "BID",
            "id": "71951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-201"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9190"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-01-15T00:00:00",
            "db": "IVD",
            "id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-01-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          },
          {
            "date": "2015-01-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77135"
          },
          {
            "date": "2015-01-08T00:00:00",
            "db": "BID",
            "id": "71951"
          },
          {
            "date": "2015-01-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          },
          {
            "date": "2015-01-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201501-201"
          },
          {
            "date": "2015-01-10T02:59:33.693000",
            "db": "NVD",
            "id": "CVE-2014-9190"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-01-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          },
          {
            "date": "2015-01-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77135"
          },
          {
            "date": "2015-03-19T08:13:00",
            "db": "BID",
            "id": "71951"
          },
          {
            "date": "2015-01-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007575"
          },
          {
            "date": "2015-01-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201501-201"
          },
          {
            "date": "2025-07-24T23:15:25.860000",
            "db": "NVD",
            "id": "CVE-2014-9190"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-201"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00342"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "aad6dba0-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201501-201"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201412-0411

    Vulnerability from variot - Updated: 2025-07-26 23:05

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8513 and CVE-2014-8514 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control's ArrangeObjects method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "proclima",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "proclima",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "6.1.7"
          },
          {
            "_id": null,
            "model": "proclima",
            "scope": null,
            "trust": 0.7,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "_id": null,
            "model": "electric proclima",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "proclima",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider electric",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "proclima",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-005"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-09022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-573"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9188"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:proclima",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Andrea Micalizzi (rgod)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-005"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2014-9188",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-9188",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-9188",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-9188",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-09022",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-77133",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2014-9188",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-9188",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-9188",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-9188",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-09022",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201412-573",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-77133",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-9188",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-005"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-09022"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77133"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-9188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-573"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9188"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9188"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8513 and CVE-2014-8514 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control\u0027s ArrangeObjects method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-005"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-09022"
          },
          {
            "db": "BID",
            "id": "71713"
          },
          {
            "db": "IVD",
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77133"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-9188"
          }
        ],
        "trust": 3.42
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-9188",
            "trust": 4.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-350-01",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "71713",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-573",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-09022",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-2524",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-005",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "AE18D5CA-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-77133",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-9188",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-005"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-09022"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77133"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-9188"
          },
          {
            "db": "BID",
            "id": "71713"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-573"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9188"
          }
        ]
      },
      "id": "VAR-201412-0411",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-09022"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77133"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-09022"
          }
        ]
      },
      "last_update_date": "2025-07-26T23:05:10.289000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "ProClima Software Vulnerability Disclosure",
            "trust": 0.8,
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "title": "Schneider Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          },
          {
            "title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09022)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/52961"
          },
          {
            "title": "ProClima_v6.1.8_setup",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53033"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-005"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-09022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-573"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-77133"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9188"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
          },
          {
            "trust": 1.8,
            "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-350-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9188"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9188"
          },
          {
            "trust": 0.7,
            "url": "http://www.securityfocus.com/bid/71713"
          },
          {
            "trust": 0.3,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36781"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-005"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-09022"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77133"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-9188"
          },
          {
            "db": "BID",
            "id": "71713"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-573"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9188"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-005",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-09022",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-77133",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-9188",
            "ident": null
          },
          {
            "db": "BID",
            "id": "71713",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-573",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9188",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-12-19T00:00:00",
            "db": "IVD",
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2015-01-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-15-005",
            "ident": null
          },
          {
            "date": "2014-12-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-09022",
            "ident": null
          },
          {
            "date": "2014-12-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77133",
            "ident": null
          },
          {
            "date": "2014-12-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-9188",
            "ident": null
          },
          {
            "date": "2014-12-10T00:00:00",
            "db": "BID",
            "id": "71713",
            "ident": null
          },
          {
            "date": "2015-01-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007424",
            "ident": null
          },
          {
            "date": "2014-12-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201412-573",
            "ident": null
          },
          {
            "date": "2014-12-27T15:59:04.887000",
            "db": "NVD",
            "id": "CVE-2014-9188",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2015-01-07T00:00:00",
            "db": "ZDI",
            "id": "ZDI-15-005",
            "ident": null
          },
          {
            "date": "2014-12-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-09022",
            "ident": null
          },
          {
            "date": "2014-12-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77133",
            "ident": null
          },
          {
            "date": "2014-12-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-9188",
            "ident": null
          },
          {
            "date": "2015-01-12T00:02:00",
            "db": "BID",
            "id": "71713",
            "ident": null
          },
          {
            "date": "2015-01-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007424",
            "ident": null
          },
          {
            "date": "2015-01-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201412-573",
            "ident": null
          },
          {
            "date": "2025-07-24T23:15:24.770000",
            "db": "NVD",
            "id": "CVE-2014-9188",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-573"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Schneider Electric ProClima of  MDraw30.ocx of  ActiveX Control buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007424"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-573"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0484

    Vulnerability from variot - Updated: 2025-07-10 22:55

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. Attackers can exploit this vulnerability to cause arbitrary file reading

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0484",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric evlink wallbox",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          }
        ]
      },
      "cve": "CVE-2025-5741",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2025-15345",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2025-5741",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-5741",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15345",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5741"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists that\ncould cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an\nauthenticated session of the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. Attackers can exploit this vulnerability to cause arbitrary file reading",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5741"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5741",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-161-03",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5741"
          }
        ]
      },
      "id": "VAR-202506-0484",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:55:23.894000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric EVLink WallBox Path Traversal Vulnerability (CNVD-2025-15345)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/706296"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5741"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-03.pdf"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5741"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5741"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5741"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          },
          {
            "date": "2025-06-10T09:15:25.290000",
            "db": "NVD",
            "id": "CVE-2025-5741"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          },
          {
            "date": "2025-06-12T16:06:39.330000",
            "db": "NVD",
            "id": "CVE-2025-5741"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric EVLink WallBox Path Traversal Vulnerability (CNVD-2025-15345)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15345"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202506-0482

    Vulnerability from variot - Updated: 2025-07-10 22:55

    CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0482",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric evlink wallbox",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          }
        ]
      },
      "cve": "CVE-2025-5742",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-15346",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2025-5742",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-5742",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15346",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5742"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u2018Cross-site Scripting\u2019)\nvulnerability exists when an authenticated user modifies configuration parameters on the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5742"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5742",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-161-03",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5742"
          }
        ]
      },
      "id": "VAR-202506-0482",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:55:23.863000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric EVLink WallBox Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/706301"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5742"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-03.pdf"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5742"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5742"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5742"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          },
          {
            "date": "2025-06-10T09:15:25.493000",
            "db": "NVD",
            "id": "CVE-2025-5742"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          },
          {
            "date": "2025-06-12T16:06:39.330000",
            "db": "NVD",
            "id": "CVE-2025-5742"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric EVLink WallBox Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15346"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202506-0444

    Vulnerability from variot - Updated: 2025-07-10 22:48

    CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0444",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric modicon controllersm241/m251",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "5.3.12.51"
          },
          {
            "model": "electric modicon controllers m258 /lmc058",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          }
        ]
      },
      "cve": "CVE-2025-3905",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-15353",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2025-3905",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-3905",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15353",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3905"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability\nexists impacting PLC system variables that could cause an unvalidated data injected by authenticated\nmalicious user leading to modify or read data in a victim\u2019s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3905"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-3905",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-161-02",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3905"
          }
        ]
      },
      "id": "VAR-202506-0444",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:48:27.877000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability (CNVD-2025-15353)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/706346"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3905"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3905"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3905"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          },
          {
            "date": "2025-06-10T09:15:24.543000",
            "db": "NVD",
            "id": "CVE-2025-3905"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          },
          {
            "date": "2025-06-12T16:06:39.330000",
            "db": "NVD",
            "id": "CVE-2025-3905"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability (CNVD-2025-15353)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15353"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202506-0441

    Vulnerability from variot - Updated: 2025-07-10 22:48

    CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0441",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric modicon controllersm241/m251",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "5.3.12.51"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          }
        ]
      },
      "cve": "CVE-2025-3899",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-15350",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2025-3899",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-3899",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15350",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3899"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability\nexists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated\nmalicious user leading to modify or read data in a victim\u2019s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3899"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-3899",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-161-02",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3899"
          }
        ]
      },
      "id": "VAR-202506-0441",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:48:27.862000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/706331"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3899"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-3899"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3899"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3899"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          },
          {
            "date": "2025-06-10T09:15:24.333000",
            "db": "NVD",
            "id": "CVE-2025-3899"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          },
          {
            "date": "2025-06-12T16:06:39.330000",
            "db": "NVD",
            "id": "CVE-2025-3899"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15350"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202506-0445

    Vulnerability from variot - Updated: 2025-07-10 22:48

    CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France.

    Schneider Electric Modicon Controllers has an input validation error vulnerability. The vulnerability is caused by improper input validation. Attackers can exploit this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0445",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric modicon controllersm241/m251",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "5.3.12.51"
          },
          {
            "model": "electric modicon controllers m262",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "5.3.9.18"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          }
        ]
      },
      "cve": "CVE-2025-3898",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-15352",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-3898",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-3898",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15352",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3898"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an\nauthenticated malicious user sends HTTPS request containing invalid data type to the webserver. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France. \n\nSchneider Electric Modicon Controllers has an input validation error vulnerability. The vulnerability is caused by improper input validation. Attackers can exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3898"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-161-02",
            "trust": 1.6
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3898",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3898"
          }
        ]
      },
      "id": "VAR-202506-0445",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:48:27.845000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric Modicon Controllers Input Validation Error Vulnerability (CNVD-2025-15352)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/706341"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3898"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3898"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3898"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          },
          {
            "date": "2025-06-10T09:15:24.137000",
            "db": "NVD",
            "id": "CVE-2025-3898"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          },
          {
            "date": "2025-06-12T16:06:39.330000",
            "db": "NVD",
            "id": "CVE-2025-3898"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Modicon Controllers Input Validation Error Vulnerability (CNVD-2025-15352)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15352"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202506-0443

    Vulnerability from variot - Updated: 2025-07-10 22:48

    CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0443",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric modicon controllersm241/m251",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "5.3.12.51"
          },
          {
            "model": "electric modicon controllers m258 /lmc058",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric modicon controllers m262",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "5.3.9.18"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          }
        ]
      },
      "cve": "CVE-2025-3117",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-15351",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2025-3117",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-3117",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15351",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3117"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability\nexists impacting configuration file paths that could cause an unvalidated data injected by authenticated\nmalicious user leading to modify or read data in a victim\u2019s browser. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3117"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-3117",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-161-02",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3117"
          }
        ]
      },
      "id": "VAR-202506-0443",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:48:27.830000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability (CNVD-2025-15351)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/706336"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3117"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3117"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3117"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          },
          {
            "date": "2025-06-10T09:15:23.873000",
            "db": "NVD",
            "id": "CVE-2025-3117"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          },
          {
            "date": "2025-06-12T16:06:39.330000",
            "db": "NVD",
            "id": "CVE-2025-3117"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability (CNVD-2025-15351)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15351"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202506-0440

    Vulnerability from variot - Updated: 2025-07-10 22:48

    CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France.

    Schneider Electric Modicon Controllers has an input validation error vulnerability. The vulnerability is caused by improper input validation. Attackers can exploit this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0440",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric modicon controllersm241/m251",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "5.3.12.51"
          },
          {
            "model": "electric modicon controllers m258 /lmc058",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          }
        ]
      },
      "cve": "CVE-2025-3116",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-15349",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-3116",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-3116",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15349",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3116"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an\nauthenticated malicious user sends special malformed HTTPS request containing improper formatted body\ndata to the controller. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France. \n\nSchneider Electric Modicon Controllers has an input validation error vulnerability. The vulnerability is caused by improper input validation. Attackers can exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3116"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-161-02",
            "trust": 1.6
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3116",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3116"
          }
        ]
      },
      "id": "VAR-202506-0440",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:48:27.813000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric Modicon Controllers Input Validation Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/706311"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3116"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3116"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3116"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          },
          {
            "date": "2025-06-10T09:15:23.657000",
            "db": "NVD",
            "id": "CVE-2025-3116"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          },
          {
            "date": "2025-06-12T16:06:39.330000",
            "db": "NVD",
            "id": "CVE-2025-3116"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Modicon Controllers Input Validation Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15349"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202504-0860

    Vulnerability from variot - Updated: 2025-07-10 22:47

    CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data. Schneider Electric Trio Q Licensed Data Radio is a radio produced by Schneider Electric of France.

    Schneider Electric Trio Q Licensed Data Radio has an information leakage vulnerability. The vulnerability is caused by insecure resource initialization. Attackers can exploit this vulnerability to obtain sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202504-0860",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric trio q licensed data radio",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "2.7.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          }
        ]
      },
      "cve": "CVE-2025-2441",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-15354",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2025-2441",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-2441",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15354",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-2441"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of\nconfidentiality when a malicious user, having physical access, sets the radio in factory default mode where the\nproduct does not correctly initialize all data. Schneider Electric Trio Q Licensed Data Radio is a radio produced by Schneider Electric of France. \n\nSchneider Electric Trio Q Licensed Data Radio has an information leakage vulnerability. The vulnerability is caused by insecure resource initialization. Attackers can exploit this vulnerability to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-2441"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-2441",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-098-02",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-2441"
          }
        ]
      },
      "id": "VAR-202504-0860",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          }
        ]
      },
      "last_update_date": "2025-07-10T22:47:06.942000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric Trio Q Licensed Data Radio Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/706351"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-1188",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-2441"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-098-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-098-02.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-2441"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-2441"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          },
          {
            "date": "2025-04-09T11:15:42.730000",
            "db": "NVD",
            "id": "CVE-2025-2441"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          },
          {
            "date": "2025-04-09T20:02:41.860000",
            "db": "NVD",
            "id": "CVE-2025-2441"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Trio Q Licensed Data Radio Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15354"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202506-0442

    Vulnerability from variot - Updated: 2025-07-01 19:32

    CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver. Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric of France.

    Schneider Electric Modicon Controllers have a resource management error vulnerability, which is caused by uncontrolled resource consumption. Attackers can exploit this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0442",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric modicon controllers",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          }
        ]
      },
      "cve": "CVE-2025-3112",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-14267",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-3112",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-3112",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-14267",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3112"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an\nauthenticated malicious user sends manipulated HTTPS Content-Length header to the webserver. Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric of France. \n\nSchneider Electric Modicon Controllers have a resource management error vulnerability, which is caused by uncontrolled resource consumption. Attackers can exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3112"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-3112",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-161-02",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3112"
          }
        ]
      },
      "id": "VAR-202506-0442",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          }
        ]
      },
      "last_update_date": "2025-07-01T19:32:54.288000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric Modicon Controllers Resource Management Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/701576"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3112"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-161-02.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3112"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3112"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          },
          {
            "date": "2025-06-10T09:15:23.437000",
            "db": "NVD",
            "id": "CVE-2025-3112"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          },
          {
            "date": "2025-06-12T16:06:39.330000",
            "db": "NVD",
            "id": "CVE-2025-3112"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric Modicon Controllers Resource Management Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14267"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202505-1714

    Vulnerability from variot - Updated: 2025-06-15 23:45

    CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file (SSD file) provided by the attacker. Schneider Electric EcoStruxure Power Build Rapsody is a power monitoring platform of Schneider Electric of France

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-1714",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric ecostruxure power build rapsody fr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "\u003c=v2.7.12"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          }
        ]
      },
      "cve": "CVE-2025-3916",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-12302",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-3916",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12302",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3916"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-121: Stack-based Buffer Overflow\u2009vulnerability exists\u2009that could cause\u2009local attackers being able to\nexploit these issues to potentially execute arbitrary code\u2009while the end user opens a malicious project file (SSD\nfile) provided by the attacker. Schneider Electric EcoStruxure Power Build Rapsody is a power monitoring platform of Schneider Electric of France",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3916"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-3916",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-133-03",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3916"
          }
        ]
      },
      "id": "VAR-202505-1714",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          }
        ]
      },
      "last_update_date": "2025-06-15T23:45:49.851000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric EcoStruxure Power Build Rapsody Stack Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/696111"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-3916"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-133-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-133-03.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3916"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-3916"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          },
          {
            "date": "2025-05-13T09:15:21.027000",
            "db": "NVD",
            "id": "CVE-2025-3916"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          },
          {
            "date": "2025-05-13T19:35:18.080000",
            "db": "NVD",
            "id": "CVE-2025-3916"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric EcoStruxure Power Build Rapsody Stack Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12302"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202503-0471

    Vulnerability from variot - Updated: 2025-06-15 23:44

    CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal boot process. Schneider Electric EcoStruxure Power Automation System User Interface is a user interface software for power automation systems developed by Schneider Electric of France. It is used for operators to interact with power automation systems to improve operational efficiency.

    Schneider Electric EcoStruxure Power Automation System User Interface has an authorization vulnerability. The vulnerability is caused by improper authentication

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202503-0471",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric schneider electric ecostruxure power automation system user interface",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "v2.1,\u003c=v2.9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          }
        ]
      },
      "cve": "CVE-2025-0813",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-12361",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "cybersecurity@se.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2025-0813",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cybersecurity@se.com",
                "id": "CVE-2025-0813",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12361",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0813"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an\nunauthorized user without permission rights has physical access to the EPAS-UI computer and is able to\nreboot the workstation and interrupt the normal boot process. Schneider Electric EcoStruxure Power Automation System User Interface is a user interface software for power automation systems developed by Schneider Electric of France. It is used for operators to interact with power automation systems to improve operational efficiency. \n\nSchneider Electric EcoStruxure Power Automation System User Interface has an authorization vulnerability. The vulnerability is caused by improper authentication",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-0813"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-0813",
            "trust": 1.6
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2025-070-02",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0813"
          }
        ]
      },
      "id": "VAR-202503-0471",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          }
        ]
      },
      "last_update_date": "2025-06-15T23:44:08.784000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Schneider Electric EcoStruxure Power Automation System User Interface Authorization Issue Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/696116"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-0813"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-070-02\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2025-070-02.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0813"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0813"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          },
          {
            "date": "2025-03-12T16:15:20.183000",
            "db": "NVD",
            "id": "CVE-2025-0813"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          },
          {
            "date": "2025-03-12T16:15:20.183000",
            "db": "NVD",
            "id": "CVE-2025-0813"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Schneider Electric EcoStruxure Power Automation System User Interface Authorization Issue Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12361"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201905-1031

    Vulnerability from variot - Updated: 2025-05-01 23:12

    A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. plural Modicon The product contains an exceptional state handling vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.

    Several Schneider Electric products have input validation error vulnerabilities. An attacker could use this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1031",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "modicon premium",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "*"
          },
          {
            "model": "modicon quantum",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "*"
          },
          {
            "model": "modicon m580",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "*"
          },
          {
            "model": "modicon m340",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "*"
          },
          {
            "model": "modicon m580",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon m340",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon quantum plc",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "modicon premium plc",
            "scope": null,
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "electric modicon m340",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric modicon m580",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric modicon premium",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": "electric modicon quantum",
            "scope": null,
            "trust": 0.6,
            "vendor": "schneider",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "modicon m580",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "modicon m340",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "modicon quantum",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "modicon premium",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7849"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Jared Rittle of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-922"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-7849",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-7849",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-34827",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-137881",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-7849",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-7849",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7849",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7849",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34827",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201905-922",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137881",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-7849",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34827"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137881"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7849"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-922"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7849"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. plural Modicon The product contains an exceptional state handling vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nSeveral Schneider Electric products have input validation error vulnerabilities. An attacker could use this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7849"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34827"
          },
          {
            "db": "IVD",
            "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137881"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7849"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7849",
            "trust": 4.2
          },
          {
            "db": "SCHNEIDER",
            "id": "SEVD-2019-134-11",
            "trust": 1.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2018-0737",
            "trust": 1.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-922",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34827",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU92254859",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-114-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015476",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "B64FC880-1ACF-4FF9-B621-6D507DD1FEDF",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-137881",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7849",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34827"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137881"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7849"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-922"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7849"
          }
        ]
      },
      "id": "VAR-201905-1031",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34827"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137881"
          }
        ],
        "trust": 1.8935065
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34827"
          }
        ]
      },
      "last_update_date": "2025-05-01T23:12:49.674000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SEVD-2019-134-11",
            "trust": 0.8,
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/yanissec/CVE-2018-7849 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-7849"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-755",
            "trust": 1.1
          },
          {
            "problemtype": "Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137881"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7849"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7849"
          },
          {
            "trust": 1.8,
            "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
          },
          {
            "trust": 1.8,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0737"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92254859/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0737"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/755.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/yanissec/cve-2018-7849"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34827"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137881"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7849"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-922"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7849"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34827"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137881"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7849"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-922"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7849"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-12T00:00:00",
            "db": "IVD",
            "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
          },
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34827"
          },
          {
            "date": "2019-05-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137881"
          },
          {
            "date": "2019-05-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-7849"
          },
          {
            "date": "2019-06-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          },
          {
            "date": "2019-05-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-922"
          },
          {
            "date": "2019-05-22T20:29:01.777000",
            "db": "NVD",
            "id": "CVE-2018-7849"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34827"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137881"
          },
          {
            "date": "2022-02-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-7849"
          },
          {
            "date": "2025-04-30T01:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          },
          {
            "date": "2022-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-922"
          },
          {
            "date": "2024-11-21T04:12:52.480000",
            "db": "NVD",
            "id": "CVE-2018-7849"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-922"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Modicon\u00a0 Product Exceptional State Handling Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015476"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation error",
        "sources": [
          {
            "db": "IVD",
            "id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-922"
          }
        ],
        "trust": 0.8
      }
    }