CVE-2014-0759

EPSS 0.06%
Veröffentlicht 28.02.2014 06:18:54
Zuletzt bearbeitet 29.04.2026 01:13:23
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Schneider Electric Floating License Manager Unquoted Search Path or Element

Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Floating License Manager Version1.0.0

Schneider-electric ≫ Floating License Manager Version1.4.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.172

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01

Vendor Advisory

http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01

US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01

https://nvd.nist.gov/vuln/detail/CVE-2014-0759

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0759

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0759

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-0759