CVE-2014-9188

10.0

CVSS 2.0

Description

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.

Metadata

CVE ID: CVE-2014-9188
State: PUBLISHED
Assigner: icscert
Reserved: 2014-12-02 00:00 UTC
Published: 2014-12-27 15:00 UTC
Last updated: 2025-07-24 22:39 UTC
Primary CWE: CWE-77
CWE-77
Vendor / Product: Schneider Electric / ProClima
Sources: cve.org · NVD

Severity & Metrics

10.0 N/D CVSS 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products (1)

Vendor	Product	Platform	Versions
Schneider Electric	ProClima	—	0 ≤ 6.0.1

Weakness (CWE)

CWE	Source	Description
CWE-77	cna	CWE-77

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:C/I:C/A:C

References (2)

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01
https://www.cisa.gov/news-events/ics-advisories/icsa-14-350-01

Back to overview