{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Floating License Manager", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "V1.4.0", "status": "affected", "version": "V1.0.0", "versionType": "custom" } ] } ], "datePublic": "2014-02-27T07:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
" } ], "value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character." } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-428", "description": "CWE-428", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-19T18:52:00.207Z" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Deployment of the Schneider Electric products using the vulnerable \nfloating license manager are designed to be automatically updated via \nthe Schneider Electric Software Update system.
\nSchneider Electric’s latest download patches and known vulnerabilities are available here:
\nhttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page
\n\n