{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "TLXCDSUOFS33", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "V3.35" } ] }, { "defaultStatus": "unaffected", "product": "TLXCDSTOFS33", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "V3.35" } ] }, { "defaultStatus": "unaffected", "product": "TLXCDLUOFS33", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "V3.35" } ] }, { "defaultStatus": "unaffected", "product": "TLXCDLTOFS33", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "V3.35" } ] }, { "defaultStatus": "unaffected", "product": "TLXCDLFOFS33", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "V3.35" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Schneider Electric" } ], "datePublic": "2014-02-27T07:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
" } ], "value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file." } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-24T21:10:10.144Z" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01" }, { "name": "65871", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65871" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Schneider Electric has a product upgrade as well as a workaround \nsolution \nthat mitigates this \nvulnerability.
Schneider Electric Security Notification SEVD \n2014-031-01,”Vulnerability Disclosure – OPC Factory Server V3.35,” \nhttp://www.downloads.schneider-electric.com/?p_Conf=&p_localesFilter=&p_docTypeFilter=155589...
\nThe security announcements affecting the OPC Factory Server are available here:
\nhttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page