CVE-2014-9190

EPSS 5.34%
Published 10.01.2015 02:59:33
Last modified 24.07.2025 23:15:25
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.

Affected products Warnungen 0 Metrics 3 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Wonderware Intouch Access Anywhere Server Version10.6

Schneider-electric ≫ Wonderware Intouch Access Anywhere Server Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.34%	0.897

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://ics-cert.us-cert.gov/advisories/ICSA-15-008-02

Third Party Advisory

US Government Resource

https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000104.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-15-008-02

https://nvd.nist.gov/vuln/detail/CVE-2014-9190

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-9190

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-9190

EUVD