CVE-2014-9190
Severity CVSS v4.0:
Pending analysis
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
10/01/2015
Last modified:
24/07/2025
Description
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:schneider-electric:wonderware_intouch_access_anywhere_server:10.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:schneider-electric:wonderware_intouch_access_anywhere_server:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000104.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-15-008-02
- https://ics-cert.us-cert.gov/advisories/ICSA-15-008-02
- https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000104.pdf