CVE-2014-0759
5.9 MEDIUMUnquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain ...
Published: 2014-02-28 · Last updated: 2026-05-28
Severity and scoring
- CVSS
- 5.9 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-428
Affected products
| Vendor | Product |
|---|---|
| schneider-electric | floating_license_manager |
Description
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2014-0759
- [Vendor advisory]http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01
- [Other]https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01
- [Vendor advisory]http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01
- [Other]http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01
Related CVEs
Same vendor
- CVE-2026-6332 — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information whic... (7.5 HIGH)
- CVE-2022-0715 — A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a... (9.1 CRITICAL)
- CVE-2021-22788 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP re... (7.5 HIGH)
- CVE-2021-22787 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specia... (7.5 HIGH)
- CVE-2021-22785 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to... (7.5 HIGH)
Same CWE
- CVE-2021-47974 — VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows ... (7.8 HIGH)
- CVE-2020-37247 — Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalat... (7.8 HIGH)
- CVE-2020-37232 — Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary... (7.8 HIGH)
- CVE-2020-37231 — Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escal... (7.8 HIGH)
- CVE-2020-37230 — Syncplify.me Server (7.8 HIGH)