CVE-2014-9190

10.0

CVSS 2.0

Description

Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.

Metadata

CVE ID: CVE-2014-9190
State: PUBLISHED
Assigner: icscert
Reserved: 2014-12-02 00:00 UTC
Published: 2015-01-10 02:00 UTC
Last updated: 2025-07-24 22:42 UTC
Primary CWE: CWE-121
CWE-121
Vendor / Product: Schneider Electric / InTouch Access Anywhere Server
Sources: cve.org · NVD

Severity & Metrics

10.0 N/D CVSS 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products (1)

Vendor	Product	Platform	Versions
Schneider Electric	InTouch Access Anywhere Server	—	10.6, 11.0

Weakness (CWE)

CWE	Source	Description
CWE-121	cna	CWE-121

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:C/I:C/A:C

References (2)

https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000104.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-15-008-02

Back to overview