CVE-2014-9205

{"id": "CVE-2014-9205", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-29T10:59:02.727", "references": [{"url": "http://www.promotic.eu/en/pmdoc/News.htm", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.promotic.eu/en/pmdoc/News.htm", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en la funci\u00f3n PmBase64Decode en una aplicaci\u00f3n de demostraci\u00f3n no especificada en MICROSYS PROMOTIC stable anterior a 8.2.19 y PROMOTIC development anterior a 8.3.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la provisi\u00f3n de una cantidad grande dedatos."}], "lastModified": "2024-11-21T02:20:23.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:stable:*:*:*", "vulnerable": true, "matchCriteriaId": "DFBDE7CA-2C10-41F0-B3CE-E91BF17E1675", "versionEndIncluding": "8.2.18"}, {"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:development:*:*:*", "vulnerable": true, "matchCriteriaId": "E116CC94-63C1-4DD7-A8CA-282CA2A2EF29", "versionEndIncluding": "8.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}