Search criteria
6 vulnerabilities found for SoMove by Schneider Electric
VAR-201404-0081
Vulnerability from variot - Updated: 2023-12-18 13:14Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The Modbus Serial driver used by many Schneider Electric products monitors the TCP 27700 port. Successful exploitation of vulnerabilities can execute arbitrary code in the context of an application. Multiple Schneider Electric Products are prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input. Failed exploit attempts will result in a denial-of-service condition. The following products are vulnerable: TwidoSuite 2.31.04 and prior PowerSuite 2.6 and prior SoMove 1.7 and prior SoMachine 2.0, 3.0, 3.1, and 3.0 XS Unity Pro 7.0 and prior UnityLoader 2.3 and prior Concept 2.6 SR7 and prior ModbusCommDTM sl 2.1.2 and prior PL7 4.5 SP5 and prior SFT2841 14, 13.1 and prior OPC Factory Server 3.50 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "somachine",
"scope": "eq",
"trust": 2.8,
"vendor": "schneider electric",
"version": "3.0"
},
{
"model": "modbuscommdtm sl",
"scope": "lte",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.1.2"
},
{
"model": "powersuite",
"scope": "lte",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.6"
},
{
"model": "somachine",
"scope": "eq",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.0"
},
{
"model": "somove",
"scope": "lte",
"trust": 1.8,
"vendor": "schneider electric",
"version": "1.7"
},
{
"model": "twidosuite",
"scope": "lte",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.31.04"
},
{
"model": "unity pro",
"scope": "lte",
"trust": 1.8,
"vendor": "schneider electric",
"version": "7.0"
},
{
"model": "modbus serial driver",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.2"
},
{
"model": "opc factory server",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.34"
},
{
"model": "opc factory server",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "3.35"
},
{
"model": "modbus serial driver",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2.2"
},
{
"model": "modbus serial driver",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "1.10"
},
{
"model": "sft2841",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "13.1"
},
{
"model": "sft2841",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "14.0"
},
{
"model": "unityloader",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.3"
},
{
"model": "concept",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.6"
},
{
"model": "pl7",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.5"
},
{
"model": "unity pro",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.0"
},
{
"model": "opc factory server",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.5.0"
},
{
"model": "somachine",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.1"
},
{
"model": "concept",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2.6 sr7"
},
{
"model": "modbus serial driver",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "1.10 to 3.2"
},
{
"model": "opc factory server",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.40"
},
{
"model": "pl7",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "4.5 sp5"
},
{
"model": "sft2841",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "13.1"
},
{
"model": "sft2841",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "14"
},
{
"model": "somachine",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.0 xs"
},
{
"model": "somachine",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.1"
},
{
"model": "unity loader",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2.3"
},
{
"model": "electric opc factory server",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.5"
},
{
"model": "electric tlxcdsuofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.5"
},
{
"model": "electric tlxcdstofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.5"
},
{
"model": "electric tlxcdluofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.5"
},
{
"model": "electric tlxcdlfofs33",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.5"
},
{
"model": "opc factory server",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "3.5.0"
},
{
"model": "modbuscommdtm sl",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.1.2"
},
{
"model": "sft2841",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "14.0"
},
{
"model": "pl7",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "somachine",
"version": "3.0"
},
{
"model": "electric unity pro",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider",
"version": "6.0"
},
{
"model": "electric unity pro",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider",
"version": "6"
},
{
"model": "electric opc factory server",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider",
"version": "3.34"
},
{
"model": "electric opc factory driver",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider",
"version": "3.34"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concept",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modbus serial driver",
"version": "1.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modbus serial driver",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modbus serial driver",
"version": "3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modbuscommdtm sl",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server",
"version": "3.34"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "opc factory server",
"version": "3.35"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pl7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "powersuite",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sft2841",
"version": "13.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sft2841",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somachine",
"version": "2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somachine",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somove",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "twidosuite",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "unity pro",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "unity pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "unityloader",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02043"
},
{
"db": "BID",
"id": "66500"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006276"
},
{
"db": "NVD",
"id": "CVE-2013-0662"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-005"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:concept:*:sr7:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:modbus_serial_driver:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:modbus_serial_driver:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:modbus_serial_driver:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:modbuscommdtm_sl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:opc_factory_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:opc_factory_server:3.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:opc_factory_server:3.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:pl7:*:sp7:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:powersuite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:sft2841:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:sft2841:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:somachine:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:somachine:3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:somachine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:somove:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:twidosuite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.31.04",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:unity_pro:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:unityloader:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider_electric:somachine:3.0:*:*:*:xs:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0662"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This issue is reported by vendor.",
"sources": [
{
"db": "BID",
"id": "66500"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0662",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-0662",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-02043",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-60664",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0662",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-02043",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-005",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-60664",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02043"
},
{
"db": "VULHUB",
"id": "VHN-60664"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006276"
},
{
"db": "NVD",
"id": "CVE-2013-0662"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The Modbus Serial driver used by many Schneider Electric products monitors the TCP 27700 port. Successful exploitation of vulnerabilities can execute arbitrary code in the context of an application. Multiple Schneider Electric Products are prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are vulnerable:\nTwidoSuite 2.31.04 and prior\nPowerSuite 2.6 and prior\nSoMove 1.7 and prior\nSoMachine 2.0, 3.0, 3.1, and 3.0 XS\nUnity Pro 7.0 and prior\nUnityLoader 2.3 and prior\nConcept 2.6 SR7 and prior\nModbusCommDTM sl 2.1.2 and prior\nPL7 4.5 SP5 and prior\nSFT2841 14, 13.1 and prior\nOPC Factory Server 3.50 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0662"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006276"
},
{
"db": "CNVD",
"id": "CNVD-2014-02043"
},
{
"db": "BID",
"id": "66500"
},
{
"db": "IVD",
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60664"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-60664",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60664"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0662",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-086-01",
"trust": 3.1
},
{
"db": "BID",
"id": "66500",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "45219",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "45220",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201404-005",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-02043",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-086-01A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006276",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "105035",
"trust": 0.6
},
{
"db": "IVD",
"id": "1CBD5CBC-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "149000",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148995",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-60664",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02043"
},
{
"db": "VULHUB",
"id": "VHN-60664"
},
{
"db": "BID",
"id": "66500"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006276"
},
{
"db": "NVD",
"id": "CVE-2013-0662"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-005"
}
]
},
"id": "VAR-201404-0081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02043"
},
{
"db": "VULHUB",
"id": "VHN-60664"
}
],
"trust": 1.7371212090909092
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02043"
}
]
},
"last_update_date": "2023-12-18T13:14:52.439000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD 2013-070-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202013-070-01"
},
{
"title": "Patch for Schneider Electric heap buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/44568"
},
{
"title": "Schneider Electric Modbus Serial Driver Repair measures for stack-based buffer error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=160424"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02043"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006276"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60664"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006276"
},
{
"db": "NVD",
"id": "CVE-2013-0662"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-086-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/66500"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202013-070-01"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/45219/"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/45220/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0662"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-086-01a"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0662"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/105035"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02043"
},
{
"db": "VULHUB",
"id": "VHN-60664"
},
{
"db": "BID",
"id": "66500"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006276"
},
{
"db": "NVD",
"id": "CVE-2013-0662"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02043"
},
{
"db": "VULHUB",
"id": "VHN-60664"
},
{
"db": "BID",
"id": "66500"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006276"
},
{
"db": "NVD",
"id": "CVE-2013-0662"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-01T00:00:00",
"db": "IVD",
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-04-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02043"
},
{
"date": "2014-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-60664"
},
{
"date": "2014-03-27T00:00:00",
"db": "BID",
"id": "66500"
},
{
"date": "2014-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006276"
},
{
"date": "2014-04-01T06:17:08.240000",
"db": "NVD",
"id": "CVE-2013-0662"
},
{
"date": "2014-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02043"
},
{
"date": "2018-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-60664"
},
{
"date": "2015-03-19T09:42:00",
"db": "BID",
"id": "66500"
},
{
"date": "2014-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006276"
},
{
"date": "2022-02-03T13:57:57.017000",
"db": "NVD",
"id": "CVE-2013-0662"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Heap Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "1cbd5cbc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-02043"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-005"
}
],
"trust": 0.6
}
}
VAR-201803-1846
Vulnerability from variot - Updated: 2023-12-18 12:50A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. Schneider Electric SoMove Software and DTM A software component contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SoMove software is a practical setup and FM software for users of Schneider inverters. The Altivar Dtm Library is a free library that supports a wide range of DTM devices. Multiple Schneider Electric Products are prone to local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. The following products are affected: SoMove software versions prior to 2.6.2 ATV320 DTM versions prior to 1.1.6 ATV340 DTM versions prior to 1.2.3 ATV6xx DTM versions prior to 1.8.0 ATV9xx DTM versions prior to 1.3.5 AltivarDtmLibrary versions prior to 12.7.0. are all products of French Schneider Electric (Schneider Electric). ATV320 DTM is a device type manager
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1846",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "atv212 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "12.7.0"
},
{
"model": "atv31 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "12.7.0"
},
{
"model": "atv900 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.3.5"
},
{
"model": "atv312 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "12.7.0"
},
{
"model": "atv32 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "12.7.0"
},
{
"model": "atv340 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.2.3"
},
{
"model": "atv600 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.8.0"
},
{
"model": "atv lift dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "12.7.0"
},
{
"model": "atv71 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "12.7.0"
},
{
"model": "atv61 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "12.7.0"
},
{
"model": "somove",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.6.2"
},
{
"model": "atv320 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.1.6"
},
{
"model": "atv12 dtm",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "12.7.0"
},
{
"model": "atv lift dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv12 dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv212 dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv31 dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv312 dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv32 dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv320 dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv340 dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv61 dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv6xx dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv71 dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "atv9xx dtm",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "somove",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric altivar dtm library",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "12.7.0"
},
{
"model": "electric somove software",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.6.2"
},
{
"model": "somove",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "1.7"
},
{
"model": "somove software",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv9xx dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv71 dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv6xx dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv61 dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv340 dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv320 dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv32 dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv31/312 dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv212 dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv12 dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "atv lift dtm",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "altivardtmlibrary",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "somove software",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.6.2"
},
{
"model": "atv9xx dtm",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.3.5"
},
{
"model": "atv6xx dtm",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.8"
},
{
"model": "atv340 dtm",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.2.3"
},
{
"model": "atv320 dtm",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.1.6"
},
{
"model": "altivardtmlibrary",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "12.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv12 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv212 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv312 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv31 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv320 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv32 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv340 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv600 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv61 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv71 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv900 dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv lift dtm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somove",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04780"
},
{
"db": "BID",
"id": "103338"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002540"
},
{
"db": "NVD",
"id": "CVE-2018-7239"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-274"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv32_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv71_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv61_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv_lift_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:somove:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv340_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv900_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv31_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv212_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv320_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv600_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv312_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:atv12_dtm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7239"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADLab of Venustech",
"sources": [
{
"db": "BID",
"id": "103338"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7239",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7239",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-04780",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-137271",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7239",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7239",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-04780",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-274",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137271",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04780"
},
{
"db": "VULHUB",
"id": "VHN-137271"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002540"
},
{
"db": "NVD",
"id": "CVE-2018-7239"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-274"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A DLL hijacking vulnerability exists in Schneider Electric\u0027s SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. Schneider Electric SoMove Software and DTM A software component contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SoMove software is a practical setup and FM software for users of Schneider inverters. The Altivar Dtm Library is a free library that supports a wide range of DTM devices. Multiple Schneider Electric Products are prone to local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. \nA remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. \nThe following products are affected:\nSoMove software versions prior to 2.6.2\nATV320 DTM versions prior to 1.1.6\nATV340 DTM versions prior to 1.2.3\nATV6xx DTM versions prior to 1.8.0\nATV9xx DTM versions prior to 1.3.5\nAltivarDtmLibrary versions prior to 12.7.0. are all products of French Schneider Electric (Schneider Electric). ATV320 DTM is a device type manager",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7239"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002540"
},
{
"db": "CNVD",
"id": "CNVD-2018-04780"
},
{
"db": "BID",
"id": "103338"
},
{
"db": "IVD",
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137271"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7239",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-065-02",
"trust": 2.8
},
{
"db": "BID",
"id": "103338",
"trust": 2.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-060-01",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2018-04780",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-274",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002540",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "39055",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2E4D830-39AB-11E9-9905-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99001",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-137271",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04780"
},
{
"db": "VULHUB",
"id": "VHN-137271"
},
{
"db": "BID",
"id": "103338"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002540"
},
{
"db": "NVD",
"id": "CVE-2018-7239"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-274"
}
]
},
"id": "VAR-201803-1846",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04780"
},
{
"db": "VULHUB",
"id": "VHN-137271"
}
],
"trust": 1.8166666666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04780"
}
]
},
"last_update_date": "2023-12-18T12:50:52.257000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2018-060-01",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026p_file_id=9561606015\u0026p_file_name=sevd-2018-060-01+somove.pdf\u0026p_reference=sevd-2018-060-01"
},
{
"title": "Schneider Electric SoMove software and DTM software DLL hijacking vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/120837"
},
{
"title": "Multiple Schneider Electric Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04780"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002540"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-274"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-426",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137271"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002540"
},
{
"db": "NVD",
"id": "CVE-2018-7239"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-065-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103338"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-060-01/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7239"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7239"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39055"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04780"
},
{
"db": "VULHUB",
"id": "VHN-137271"
},
{
"db": "BID",
"id": "103338"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002540"
},
{
"db": "NVD",
"id": "CVE-2018-7239"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-274"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04780"
},
{
"db": "VULHUB",
"id": "VHN-137271"
},
{
"db": "BID",
"id": "103338"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002540"
},
{
"db": "NVD",
"id": "CVE-2018-7239"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-274"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "IVD",
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1"
},
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04780"
},
{
"date": "2018-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137271"
},
{
"date": "2018-03-06T00:00:00",
"db": "BID",
"id": "103338"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002540"
},
{
"date": "2018-03-09T23:29:00.967000",
"db": "NVD",
"id": "CVE-2018-7239"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-274"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04780"
},
{
"date": "2018-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-137271"
},
{
"date": "2018-03-06T00:00:00",
"db": "BID",
"id": "103338"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002540"
},
{
"date": "2018-03-26T15:22:47.687000",
"db": "NVD",
"id": "CVE-2018-7239"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-274"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-274"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric SoMove software and DTM software DLL Hijacking vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e4d830-39ab-11e9-9905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04780"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-274"
}
],
"trust": 0.6
}
}
VAR-201502-0244
Vulnerability from variot - Updated: 2023-12-18 12:45Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. The control does not check the length of an attacker-supplied string in the RemoveParameter method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric Unity Pro, etc. are all products of French Schneider Electric (Schneider Electric). Schneider Electric Unity Pro is a set of development software for testing, debugging and managing applications; SoMachine is a set of original equipment manufacturer (OEM) automation platform integrated with Vijeo-Designer (human machine interface HMI development software); SoMove is a Installation software for motor control equipment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0244",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "somove",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "unity pro",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "somachine",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "somove lite",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "somove lite",
"scope": null,
"trust": 1.5,
"vendor": "schneider electric",
"version": null
},
{
"model": "somachine",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "somove",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "unity pro",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric unity pro",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric somachine",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric somove lite",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric somove",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modbus communication library",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=2.2.6"
},
{
"model": "electric canopen communication library",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=1.0.2"
},
{
"model": "electric ethernet/ip communication librar",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=1.0.0"
},
{
"model": "electric xantrex dtms",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric solo dtm",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric advantys dtms",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric em gateway dtm",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somachine",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somove",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "somove lite",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "unity pro",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:somove_lite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:somove:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:unity_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:somachine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9200"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "BID",
"id": "72335"
}
],
"trust": 1.0
},
"cve": "CVE-2014-9200",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-9200",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00775",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a52677d8-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-77145",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9200",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-9200",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-00775",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-005",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-77145",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "VULHUB",
"id": "VHN-77145"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. The control does not check the length of an attacker-supplied string in the RemoveParameter method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric Unity Pro, etc. are all products of French Schneider Electric (Schneider Electric). Schneider Electric Unity Pro is a set of development software for testing, debugging and managing applications; SoMachine is a set of original equipment manufacturer (OEM) automation platform integrated with Vijeo-Designer (human machine interface HMI development software); SoMove is a Installation software for motor control equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9200"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "BID",
"id": "72335"
},
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-77145"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9200",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-15-027-02",
"trust": 3.1
},
{
"db": "BID",
"id": "72335",
"trust": 2.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2015-009-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00775",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2478",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-15-040",
"trust": 0.7
},
{
"db": "IVD",
"id": "A52677D8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77145",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "VULHUB",
"id": "VHN-77145"
},
{
"db": "BID",
"id": "72335"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
]
},
"id": "VAR-201502-0244",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "VULHUB",
"id": "VHN-77145"
}
],
"trust": 1.84333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
}
]
},
"last_update_date": "2023-12-18T12:45:07.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2015-009-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-009-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-027-02"
},
{
"title": "Patch for multiple Schneider Electric product stack buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/54843"
},
{
"title": "FDT1 DLL Removal Patch",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53580"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77145"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-027-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/72335"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-009-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9200"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9200"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "VULHUB",
"id": "VHN-77145"
},
{
"db": "BID",
"id": "72335"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"db": "VULHUB",
"id": "VHN-77145"
},
{
"db": "BID",
"id": "72335"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"db": "NVD",
"id": "CVE-2014-9200"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-02T00:00:00",
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-10T00:00:00",
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"date": "2015-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"date": "2015-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-77145"
},
{
"date": "2015-01-09T00:00:00",
"db": "BID",
"id": "72335"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"date": "2015-02-01T15:59:06.197000",
"db": "NVD",
"id": "CVE-2014-9200"
},
{
"date": "2015-02-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "ZDI",
"id": "ZDI-15-040"
},
{
"date": "2015-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00775"
},
{
"date": "2016-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-77145"
},
{
"date": "2015-07-15T00:14:00",
"db": "BID",
"id": "72335"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007827"
},
{
"date": "2016-12-31T02:59:14.593000",
"db": "NVD",
"id": "CVE-2014-9200"
},
{
"date": "2015-02-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Product DTM Unspecified development kit DLL File stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007827"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "a52677d8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-005"
}
],
"trust": 0.8
}
}
VAR-202008-1036
Vulnerability from variot - Updated: 2023-12-18 12:35Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. SoMove There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. SoMove is a PC-oriented user-friendly setting software for setting up a variety of Schneider Electric motor control equipment.
SoMove 2.8.1 and earlier versions have permission error vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-1036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "somove",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8.1"
},
{
"model": "somove",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2.8.1"
},
{
"model": "electric somove",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=2.8.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50552"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010518"
},
{
"db": "NVD",
"id": "CVE-2020-7527"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:somove:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7527"
}
]
},
"cve": "CVE-2020-7527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-010518",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-50552",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-185652",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7527",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010518",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-7527",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-010518",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-50552",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-1472",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-185652",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-7527",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50552"
},
{
"db": "VULHUB",
"id": "VHN-185652"
},
{
"db": "VULMON",
"id": "CVE-2020-7527"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010518"
},
{
"db": "NVD",
"id": "CVE-2020-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1472"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. SoMove There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. SoMove is a PC-oriented user-friendly setting software for setting up a variety of Schneider Electric motor control equipment. \n\r\n\r\nSoMove 2.8.1 and earlier versions have permission error vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7527"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010518"
},
{
"db": "CNVD",
"id": "CNVD-2020-50552"
},
{
"db": "VULHUB",
"id": "VHN-185652"
},
{
"db": "VULMON",
"id": "CVE-2020-7527"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7527",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-224-07",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010518",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-50552",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1472",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-185652",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-7527",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50552"
},
{
"db": "VULHUB",
"id": "VHN-185652"
},
{
"db": "VULMON",
"id": "CVE-2020-7527"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010518"
},
{
"db": "NVD",
"id": "CVE-2020-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1472"
}
]
},
"id": "VAR-202008-1036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50552"
},
{
"db": "VULHUB",
"id": "VHN-185652"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50552"
}
]
},
"last_update_date": "2023-12-18T12:35:25.944000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-224-07",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-224-07/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010518"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185652"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010518"
},
{
"db": "NVD",
"id": "CVE-2020-7527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7527"
},
{
"trust": 1.8,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-224-07/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7527"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/276.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-50552"
},
{
"db": "VULHUB",
"id": "VHN-185652"
},
{
"db": "VULMON",
"id": "CVE-2020-7527"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010518"
},
{
"db": "NVD",
"id": "CVE-2020-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1472"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-50552"
},
{
"db": "VULHUB",
"id": "VHN-185652"
},
{
"db": "VULMON",
"id": "CVE-2020-7527"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010518"
},
{
"db": "NVD",
"id": "CVE-2020-7527"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1472"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-50552"
},
{
"date": "2020-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-185652"
},
{
"date": "2020-08-31T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7527"
},
{
"date": "2021-01-25T09:01:19",
"db": "JVNDB",
"id": "JVNDB-2020-010518"
},
{
"date": "2020-08-31T17:15:12.703000",
"db": "NVD",
"id": "CVE-2020-7527"
},
{
"date": "2020-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1472"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-50552"
},
{
"date": "2020-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-185652"
},
{
"date": "2020-09-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7527"
},
{
"date": "2021-01-25T09:01:19",
"db": "JVNDB",
"id": "JVNDB-2020-010518"
},
{
"date": "2020-09-04T17:56:41.663000",
"db": "NVD",
"id": "CVE-2020-7527"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1472"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1472"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SoMove Vulnerability regarding improper default permissions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010518"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1472"
}
],
"trust": 0.6
}
}
CVE-2014-9200 (GCVE-0-2014-9200)
Vulnerability from cvelistv5 – Published: 2015-02-01 15:00 – Updated: 2025-09-05 21:34
VLAI?
Title
Schneider Electric Device Type Managers (DTMs) Stack-based Buffer Overflow
Summary
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | Unity Pro |
Affected:
all versions
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Ariele Caltabiano (kimiya) with HP’s Zero Day Initiative (ZDI)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01"
},
{
"name": "72335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72335"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Unity Pro",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SoMachine",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SoMove",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SoMove Lite",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modbus Communication Library",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Version 2.2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CANopen Communication Library",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EtherNet/IP Communication Library",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EM X80 Gateway DTM (MB TCP/SL)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Advantys DTMs (OTB, STB)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KINOS DTM",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SOLO DTM",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Xantrex DTM",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ariele Caltabiano (kimiya) with HP\u2019s Zero Day Initiative (ZDI)"
}
],
"datePublic": "2015-01-27T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.\u003c/p\u003e"
}
],
"value": "Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T21:34:15.852Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01"
},
{
"name": "72335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72335"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-027-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric has released a patch that resolves the \nvulnerability by removing the vulnerable DLL. Schneider Electric\u2019s patch\n is available at the follow location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=FDT1\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=FDT1\u003c/a\u003e DLL Removal Kit.\u003c/p\u003e\n\u003cp\u003eSchneider Electric\u2019s security notice SEVD-2015-009-01 is available at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01\u003c/a\u003e\u003c/p\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric has released a patch that resolves the \nvulnerability by removing the vulnerable DLL. Schneider Electric\u2019s patch\n is available at the follow location:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=FDT1 DLL Removal Kit.\n\n\nSchneider Electric\u2019s security notice SEVD-2015-009-01 is available at the following location:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01 \n\n."
}
],
"source": {
"advisory": "ICSA-15-027-02",
"discovery": "UNKNOWN"
},
"title": "Schneider Electric Device Type Managers (DTMs) Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01"
},
{
"name": "72335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72335"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9200",
"datePublished": "2015-02-01T15:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2025-09-05T21:34:15.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9200 (GCVE-0-2014-9200)
Vulnerability from nvd – Published: 2015-02-01 15:00 – Updated: 2025-09-05 21:34
VLAI?
Title
Schneider Electric Device Type Managers (DTMs) Stack-based Buffer Overflow
Summary
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | Unity Pro |
Affected:
all versions
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Ariele Caltabiano (kimiya) with HP’s Zero Day Initiative (ZDI)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01"
},
{
"name": "72335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72335"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Unity Pro",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SoMachine",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SoMove",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SoMove Lite",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modbus Communication Library",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Version 2.2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CANopen Communication Library",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EtherNet/IP Communication Library",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Version 1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EM X80 Gateway DTM (MB TCP/SL)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Advantys DTMs (OTB, STB)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KINOS DTM",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SOLO DTM",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Xantrex DTM",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ariele Caltabiano (kimiya) with HP\u2019s Zero Day Initiative (ZDI)"
}
],
"datePublic": "2015-01-27T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.\u003c/p\u003e"
}
],
"value": "Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T21:34:15.852Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01"
},
{
"name": "72335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72335"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-027-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric has released a patch that resolves the \nvulnerability by removing the vulnerable DLL. Schneider Electric\u2019s patch\n is available at the follow location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=FDT1\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=FDT1\u003c/a\u003e DLL Removal Kit.\u003c/p\u003e\n\u003cp\u003eSchneider Electric\u2019s security notice SEVD-2015-009-01 is available at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01\u003c/a\u003e\u003c/p\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric has released a patch that resolves the \nvulnerability by removing the vulnerable DLL. Schneider Electric\u2019s patch\n is available at the follow location:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=FDT1 DLL Removal Kit.\n\n\nSchneider Electric\u2019s security notice SEVD-2015-009-01 is available at the following location:\n\n\n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01 \n\n."
}
],
"source": {
"advisory": "ICSA-15-027-02",
"discovery": "UNKNOWN"
},
"title": "Schneider Electric Device Type Managers (DTMs) Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01"
},
{
"name": "72335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72335"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9200",
"datePublished": "2015-02-01T15:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2025-09-05T21:34:15.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}