CVE-2014-9205

Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.promotic.eu/en/pmdoc/News.htm	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-15-091/
https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsys:promotic:::::stable:::*
	cpe:2.3:a:microsys:promotic:::::development:::*

History

No history.

Information

Published : 2015-03-29 10:59

Updated : 2024-02-28 12:20

NVD link : CVE-2014-9205

Mitre link : CVE-2014-9205

CVE.ORG link : CVE-2014-9205

JSON object : View

Products Affected

microsys

promotic

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2014-9205", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-29T10:59:02.727", "references": [{"url": "http://www.promotic.eu/en/pmdoc/News.htm", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en la funci\u00f3n PmBase64Decode en una aplicaci\u00f3n de demostraci\u00f3n no especificada en MICROSYS PROMOTIC stable anterior a 8.2.19 y PROMOTIC development anterior a 8.3.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la provisi\u00f3n de una cantidad grande dedatos."}], "lastModified": "2015-03-30T18:46:19.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:stable:*:*:*", "vulnerable": true, "matchCriteriaId": "DFBDE7CA-2C10-41F0-B3CE-E91BF17E1675", "versionEndIncluding": "8.2.18"}, {"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:development:*:*:*", "vulnerable": true, "matchCriteriaId": "E116CC94-63C1-4DD7-A8CA-282CA2A2EF29", "versionEndIncluding": "8.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}