CVE-2014-0759

Published: Feb 28, 2014Modified: May 28, 2026

5.9

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.5 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Affected (2)

Products: Schneider Electric: Floating License Manager

Schneider Electric

1 product

Floating License Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Floating License Manager	Version 1.0.0
Schneider Electric Floating License Manager	Version 1.4.0

Related CWEs

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (4)

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01

Source: ics-cert@hq.dhs.gov

Vendor Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01

Source: ics-cert@hq.dhs.gov

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.