Search criteria
3 vulnerabilities found for ofs_test_client_tlxcdluofs33 by schneider-electric
FKIE_CVE-2014-0774
Vulnerability from fkie_nvd - Published: 2014-02-28 06:18 - Updated: 2025-09-24 22:15
Severity ?
Summary
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ofs_test_client_tlxcdlfofs33:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "36AB0685-A0FE-4465-8C9E-7C633AAE0584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ofs_test_client_tlxcdltofs33:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "16B1D3C2-7A1B-403F-A2BE-01BAC2C01E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ofs_test_client_tlxcdluofs33:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "6B58EF88-D1BC-4858-A3DA-505D72EE46E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ofs_test_client_tlxcdstofs33:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "06B8043C-3542-4B8F-82BE-E1E8A8E067F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ofs_test_client_tlxcdsuofs33:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF80DC0-7948-4E95-B090-14CC482B9DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:opc_factory_server:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F8874360-6B9A-40C3-A95F-8FD18F73244D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en el cliente C++ de ejemplo en Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35 y TLXCDLFOFS33 - 3.35 permite a usuarios locales ganar privilegios a trav\u00e9s de vectores involucrando un archivo de configuraci\u00f3n malformado."
}
],
"id": "CVE-2014-0774",
"lastModified": "2025-09-24T22:15:34.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": true
},
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-02-28T06:18:54.277",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.securityfocus.com/bid/65871"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65871"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2014-0774 (GCVE-0-2014-0774)
Vulnerability from cvelistv5 – Published: 2014-02-28 02:00 – Updated: 2025-09-24 21:10
VLAI?
Title
Schneider Electric OFS Stack Buffer Overflow
Summary
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | TLXCDSUOFS33 |
Affected:
V3.35
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Schneider Electric
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name": "65871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TLXCDSUOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDSTOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDLUOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDLTOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDLFOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Schneider Electric"
}
],
"datePublic": "2014-02-27T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.\u003c/p\u003e"
}
],
"value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T21:10:10.144Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name": "65871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65871"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSchneider Electric Security Notification SEVD \n2014-031-01,\u201dVulnerability Disclosure \u2013 OPC Factory Server V3.35,\u201d \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.downloads.schneider-electric.com/?p_Conf=\u0026amp;p_localesFilter=\u0026amp;p_docTypeFilter=1555899,\u0026amp;p_docTypeGroupFilter=3541958\"\u003ehttp://www.downloads.schneider-electric.com/?p_Conf=\u0026amp;p_localesFilter=\u0026amp;p_docTypeFilter=155589...\u003c/a\u003e\u0026nbsp; \u0026nbsp;\u003c/p\u003e\n\u003cdiv\u003e\n\u003cp\u003eThe security announcements affecting the OPC Factory Server are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\"\u003ehttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\u003c/a\u003e\u003c/p\u003e\u003c/div\u003eSchneider\n Electric recommends customers to upgrade to OFS v3.4 or later (Version \nv3.5 is currently available). Customers that cannot upgrade are directed\n to remove the demonstration client from affected computers, provided it\n is not required for operations.\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability.\u00a0\n\nSchneider Electric Security Notification SEVD \n2014-031-01,\u201dVulnerability Disclosure \u2013 OPC Factory Server V3.35,\u201d \n http://www.downloads.schneider-electric.com/?p_Conf=\u0026p_localesFilter=\u0026p_docTypeFilter=155589... http://www.downloads.schneider-electric.com/ \u00a0 \u00a0\n\n\n\nThe security announcements affecting the OPC Factory Server are available here:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page \n\n\n\nSchneider\n Electric recommends customers to upgrade to OFS v3.4 or later (Version \nv3.5 is currently available). Customers that cannot upgrade are directed\n to remove the demonstration client from affected computers, provided it\n is not required for operations."
}
],
"source": {
"advisory": "ICSA-14-058-02",
"discovery": "INTERNAL"
},
"title": "Schneider Electric OFS Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name": "65871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0774",
"datePublished": "2014-02-28T02:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-24T21:10:10.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0774 (GCVE-0-2014-0774)
Vulnerability from nvd – Published: 2014-02-28 02:00 – Updated: 2025-09-24 21:10
VLAI?
Title
Schneider Electric OFS Stack Buffer Overflow
Summary
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | TLXCDSUOFS33 |
Affected:
V3.35
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Schneider Electric
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name": "65871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TLXCDSUOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDSTOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDLUOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDLTOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TLXCDLFOFS33",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V3.35"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Schneider Electric"
}
],
"datePublic": "2014-02-27T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.\u003c/p\u003e"
}
],
"value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T21:10:10.144Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name": "65871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65871"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSchneider Electric Security Notification SEVD \n2014-031-01,\u201dVulnerability Disclosure \u2013 OPC Factory Server V3.35,\u201d \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.downloads.schneider-electric.com/?p_Conf=\u0026amp;p_localesFilter=\u0026amp;p_docTypeFilter=1555899,\u0026amp;p_docTypeGroupFilter=3541958\"\u003ehttp://www.downloads.schneider-electric.com/?p_Conf=\u0026amp;p_localesFilter=\u0026amp;p_docTypeFilter=155589...\u003c/a\u003e\u0026nbsp; \u0026nbsp;\u003c/p\u003e\n\u003cdiv\u003e\n\u003cp\u003eThe security announcements affecting the OPC Factory Server are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\"\u003ehttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\u003c/a\u003e\u003c/p\u003e\u003c/div\u003eSchneider\n Electric recommends customers to upgrade to OFS v3.4 or later (Version \nv3.5 is currently available). Customers that cannot upgrade are directed\n to remove the demonstration client from affected computers, provided it\n is not required for operations.\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability.\u00a0\n\nSchneider Electric Security Notification SEVD \n2014-031-01,\u201dVulnerability Disclosure \u2013 OPC Factory Server V3.35,\u201d \n http://www.downloads.schneider-electric.com/?p_Conf=\u0026p_localesFilter=\u0026p_docTypeFilter=155589... http://www.downloads.schneider-electric.com/ \u00a0 \u00a0\n\n\n\nThe security announcements affecting the OPC Factory Server are available here:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page \n\n\n\nSchneider\n Electric recommends customers to upgrade to OFS v3.4 or later (Version \nv3.5 is currently available). Customers that cannot upgrade are directed\n to remove the demonstration client from affected computers, provided it\n is not required for operations."
}
],
"source": {
"advisory": "ICSA-14-058-02",
"discovery": "INTERNAL"
},
"title": "Schneider Electric OFS Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02"
},
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
},
{
"name": "65871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0774",
"datePublished": "2014-02-28T02:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-24T21:10:10.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}