Vulnerability Description
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Wonderware Intouch Access Anywhere Server | 10.6 |
Related Weaknesses (CWE)
References
- https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bull
- https://www.cisa.gov/news-events/ics-advisories/icsa-15-008-02
- https://ics-cert.us-cert.gov/advisories/ICSA-15-008-02Third Party AdvisoryUS Government Resource
- https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bull
FAQ
What is CVE-2014-9190?
CVE-2014-9190 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not e...
How severe is CVE-2014-9190?
CVE-2014-9190 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9190?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Wonderware Intouch Access Anywhere Server.