Vulnerability Description
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Somachine | - |
| Schneider-Electric | Somove | - |
| Schneider-Electric | Somove Lite | - |
| Schneider-Electric | Unity Pro | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/72335
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01
- https://www.cisa.gov/news-events/ics-advisories/icsa-15-027-02
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01Vendor Advisory
- http://www.securityfocus.com/bid/72335
- https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2014-9200?
CVE-2014-9200 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen...
How severe is CVE-2014-9200?
CVE-2014-9200 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9200?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Somachine, Schneider-Electric Somove, Schneider-Electric Somove Lite, Schneider-Electric Unity Pro.