Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| schneider-electric | somachine | 3.0 |
| schneider-electric | sft2841 | 13.1 |
| schneider-electric | opc_factory_server | 3.34 |
| schneider_electric | somachine | 3.0 |
| schneider-electric | opc_factory_server | 3.35 |
| schneider-electric | somachine | 2.0 |
| schneider-electric | opc_factory_server | * |
| schneider-electric | powersuite | * |
| schneider-electric | concept | * |
| schneider-electric | sft2841 | * |
| schneider-electric | somove | * |
| schneider-electric | modbus_serial_driver | 2.2 |
| schneider-electric | pl7 | * |
| schneider-electric | modbus_serial_driver | 1.10 |
| schneider-electric | modbuscommdtm_sl | * |
| schneider-electric | modbus_serial_driver | 3.2 |
| schneider-electric | twidosuite | * |
| schneider-electric | unity_pro | * |
| schneider-electric | somachine | * |
| schneider-electric | unity_pro | 6.0 |
| schneider-electric | unityloader | * |
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| schneider_electric | proclima | * |
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| schneider_electric | proclima | * |
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| schneider_electric | proclima | * |
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| schneider_electric | proclima | * |
An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| schneider_electric | homelynk_controller_lss100100_firmware | 1.3.0 |