Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities by ProClima
VAR-201512-0224
Vulnerability from variot - Updated: 2023-12-18 12:51The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. (1) AttachToSS The method (2) CopyAll The method (3) CopyRange The method (4) CopyRangeEx The method (5) SwapTable The method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the implementation of the CopyAll method of the F1BookView ActiveX control. The method accepts an integer value and interprets it as the address of a structure in memory. An attacker can leverage this vulnerability to achieve code execution under the context of the process. Schneider Electric ProClima is the thermal calculation software of Schneider Electric, France. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proclima",
"scope": null,
"trust": 2.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "proclima",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.1"
},
{
"model": "proclima",
"scope": "eq",
"trust": 0.9,
"vendor": "schneider electric",
"version": "6.1"
},
{
"model": "proclima",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "6.2"
},
{
"model": "electric proclima",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "6.2"
},
{
"model": "proclima",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "6.0"
},
{
"model": "proclima",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "6.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "proclima",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-629"
},
{
"db": "ZDI",
"id": "ZDI-15-626"
},
{
"db": "ZDI",
"id": "ZDI-15-628"
},
{
"db": "ZDI",
"id": "ZDI-15-627"
},
{
"db": "CNVD",
"id": "CNVD-2015-08395"
},
{
"db": "BID",
"id": "79802"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006425"
},
{
"db": "NVD",
"id": "CVE-2015-8561"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-442"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8561"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-629"
},
{
"db": "ZDI",
"id": "ZDI-15-628"
},
{
"db": "ZDI",
"id": "ZDI-15-627"
}
],
"trust": 2.1
},
"cve": "CVE-2015-8561",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-8561",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 3.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-08395",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "694110a2-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-86522",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "CVE-2015-8561",
"trust": 2.8,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-8561",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-08395",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-442",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86522",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-629"
},
{
"db": "ZDI",
"id": "ZDI-15-626"
},
{
"db": "ZDI",
"id": "ZDI-15-628"
},
{
"db": "ZDI",
"id": "ZDI-15-627"
},
{
"db": "CNVD",
"id": "CNVD-2015-08395"
},
{
"db": "VULHUB",
"id": "VHN-86522"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006425"
},
{
"db": "NVD",
"id": "CVE-2015-8561"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-442"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. (1) AttachToSS The method (2) CopyAll The method (3) CopyRange The method (4) CopyRangeEx The method (5) SwapTable The method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the implementation of the CopyAll method of the F1BookView ActiveX control. The method accepts an integer value and interprets it as the address of a structure in memory. An attacker can leverage this vulnerability to achieve code execution under the context of the process. Schneider Electric ProClima is the thermal calculation software of Schneider Electric, France. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8561"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006425"
},
{
"db": "ZDI",
"id": "ZDI-15-629"
},
{
"db": "ZDI",
"id": "ZDI-15-626"
},
{
"db": "ZDI",
"id": "ZDI-15-628"
},
{
"db": "ZDI",
"id": "ZDI-15-627"
},
{
"db": "CNVD",
"id": "CNVD-2015-08395"
},
{
"db": "BID",
"id": "79802"
},
{
"db": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-86522"
}
],
"trust": 5.22
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8561",
"trust": 6.4
},
{
"db": "ZDI",
"id": "ZDI-15-628",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-15-629",
"trust": 2.7
},
{
"db": "ZDI",
"id": "ZDI-15-626",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-15-335-02",
"trust": 2.5
},
{
"db": "ZDI",
"id": "ZDI-15-627",
"trust": 2.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2015-329-01",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201512-442",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-08395",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006425",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3054",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3056",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3053",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3055",
"trust": 0.7
},
{
"db": "BID",
"id": "79802",
"trust": 0.4
},
{
"db": "IVD",
"id": "694110A2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-86522",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-629"
},
{
"db": "ZDI",
"id": "ZDI-15-626"
},
{
"db": "ZDI",
"id": "ZDI-15-628"
},
{
"db": "ZDI",
"id": "ZDI-15-627"
},
{
"db": "CNVD",
"id": "CNVD-2015-08395"
},
{
"db": "VULHUB",
"id": "VHN-86522"
},
{
"db": "BID",
"id": "79802"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006425"
},
{
"db": "NVD",
"id": "CVE-2015-8561"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-442"
}
]
},
"id": "VAR-201512-0224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08395"
},
{
"db": "VULHUB",
"id": "VHN-86522"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08395"
}
]
},
"last_update_date": "2023-12-18T12:51:37.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-02"
},
{
"title": "SEVD-2015-329-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-329-01"
},
{
"title": "Schneider Electric ProClima denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/68764"
},
{
"title": "Schneider Electric ProClima F1 Bookview Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59231"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-629"
},
{
"db": "ZDI",
"id": "ZDI-15-626"
},
{
"db": "ZDI",
"id": "ZDI-15-628"
},
{
"db": "ZDI",
"id": "ZDI-15-627"
},
{
"db": "CNVD",
"id": "CNVD-2015-08395"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006425"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-442"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86522"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006425"
},
{
"db": "NVD",
"id": "CVE-2015-8561"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-02"
},
{
"trust": 2.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-628"
},
{
"trust": 2.0,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-329-01"
},
{
"trust": 2.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-626"
},
{
"trust": 2.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-629"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-627"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8561"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8561"
},
{
"trust": 0.6,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/en/product-range-download/2560-proclima"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-629"
},
{
"db": "ZDI",
"id": "ZDI-15-626"
},
{
"db": "ZDI",
"id": "ZDI-15-628"
},
{
"db": "ZDI",
"id": "ZDI-15-627"
},
{
"db": "CNVD",
"id": "CNVD-2015-08395"
},
{
"db": "VULHUB",
"id": "VHN-86522"
},
{
"db": "BID",
"id": "79802"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006425"
},
{
"db": "NVD",
"id": "CVE-2015-8561"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-442"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-629"
},
{
"db": "ZDI",
"id": "ZDI-15-626"
},
{
"db": "ZDI",
"id": "ZDI-15-628"
},
{
"db": "ZDI",
"id": "ZDI-15-627"
},
{
"db": "CNVD",
"id": "CNVD-2015-08395"
},
{
"db": "VULHUB",
"id": "VHN-86522"
},
{
"db": "BID",
"id": "79802"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006425"
},
{
"db": "NVD",
"id": "CVE-2015-8561"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-442"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-22T00:00:00",
"db": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-629"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-626"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-628"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-627"
},
{
"date": "2015-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08395"
},
{
"date": "2015-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-86522"
},
{
"date": "2015-11-25T00:00:00",
"db": "BID",
"id": "79802"
},
{
"date": "2015-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006425"
},
{
"date": "2015-12-15T05:59:09.797000",
"db": "NVD",
"id": "CVE-2015-8561"
},
{
"date": "2015-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-442"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-629"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-626"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-628"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-627"
},
{
"date": "2015-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08395"
},
{
"date": "2015-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-86522"
},
{
"date": "2015-11-25T00:00:00",
"db": "BID",
"id": "79802"
},
{
"date": "2015-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006425"
},
{
"date": "2015-12-16T13:22:28.820000",
"db": "NVD",
"id": "CVE-2015-8561"
},
{
"date": "2015-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-442"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-442"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ProClima Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08395"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "694110a2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-442"
}
],
"trust": 0.8
}
}
VAR-201512-0015
Vulnerability from variot - Updated: 2023-12-18 12:51Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the implementation of the DefinedName method. Memory corruption occurs when a long user-supplied name is supplied. Later in processing, the code jumps to an address outside of normal flow. An attacker may be able to leverage this flaw to execute code under the context of the process. A buffer overrun occurs when a long string is passed by the user to the method. Schneider Electric ProClima is a thermal calculation software from Schneider Electric, France. Failed exploit attempts will likely cause a denial-of-service condition. The affected ActiveX control is identified by CLSID: 3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0015",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proclima",
"scope": null,
"trust": 4.9,
"vendor": "schneider electric",
"version": null
},
{
"model": "proclima",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.1"
},
{
"model": "proclima",
"scope": "eq",
"trust": 0.9,
"vendor": "schneider electric",
"version": "6.1"
},
{
"model": "proclima",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "6.2"
},
{
"model": "electric proclima",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "6.1"
},
{
"model": "proclima",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "6.0"
},
{
"model": "proclima",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "6.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "proclima",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-635"
},
{
"db": "ZDI",
"id": "ZDI-15-634"
},
{
"db": "ZDI",
"id": "ZDI-15-632"
},
{
"db": "ZDI",
"id": "ZDI-15-630"
},
{
"db": "ZDI",
"id": "ZDI-15-625"
},
{
"db": "ZDI",
"id": "ZDI-15-633"
},
{
"db": "ZDI",
"id": "ZDI-15-631"
},
{
"db": "CNVD",
"id": "CNVD-2015-07899"
},
{
"db": "BID",
"id": "78421"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006424"
},
{
"db": "NVD",
"id": "CVE-2015-7918"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-005"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7918"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fritz Sands - HP Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-635"
},
{
"db": "ZDI",
"id": "ZDI-15-634"
},
{
"db": "ZDI",
"id": "ZDI-15-632"
},
{
"db": "ZDI",
"id": "ZDI-15-630"
},
{
"db": "ZDI",
"id": "ZDI-15-625"
},
{
"db": "ZDI",
"id": "ZDI-15-633"
},
{
"db": "ZDI",
"id": "ZDI-15-631"
}
],
"trust": 4.9
},
"cve": "CVE-2015-7918",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7918",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 5.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-07899",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "6d683610-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-85879",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "CVE-2015-7918",
"trust": 4.9,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7918",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-07899",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-005",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85879",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-635"
},
{
"db": "ZDI",
"id": "ZDI-15-634"
},
{
"db": "ZDI",
"id": "ZDI-15-632"
},
{
"db": "ZDI",
"id": "ZDI-15-630"
},
{
"db": "ZDI",
"id": "ZDI-15-625"
},
{
"db": "ZDI",
"id": "ZDI-15-633"
},
{
"db": "ZDI",
"id": "ZDI-15-631"
},
{
"db": "CNVD",
"id": "CNVD-2015-07899"
},
{
"db": "VULHUB",
"id": "VHN-85879"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006424"
},
{
"db": "NVD",
"id": "CVE-2015-7918"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the implementation of the DefinedName method. Memory corruption occurs when a long user-supplied name is supplied. Later in processing, the code jumps to an address outside of normal flow. An attacker may be able to leverage this flaw to execute code under the context of the process. A buffer overrun occurs when a long string is passed by the user to the method. Schneider Electric ProClima is a thermal calculation software from Schneider Electric, France. Failed exploit attempts will likely cause a denial-of-service condition. \nThe affected ActiveX control is identified by CLSID: 3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7918"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006424"
},
{
"db": "ZDI",
"id": "ZDI-15-635"
},
{
"db": "ZDI",
"id": "ZDI-15-634"
},
{
"db": "ZDI",
"id": "ZDI-15-632"
},
{
"db": "ZDI",
"id": "ZDI-15-630"
},
{
"db": "ZDI",
"id": "ZDI-15-625"
},
{
"db": "ZDI",
"id": "ZDI-15-633"
},
{
"db": "ZDI",
"id": "ZDI-15-631"
},
{
"db": "CNVD",
"id": "CNVD-2015-07899"
},
{
"db": "BID",
"id": "78421"
},
{
"db": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-85879"
}
],
"trust": 7.11
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7918",
"trust": 8.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-335-02",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-15-635",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-15-634",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-15-632",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-15-630",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-15-625",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-15-633",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-15-631",
"trust": 2.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2015-329-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201512-005",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07899",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006424",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3095",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3093",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3078",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3076",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3094",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3092",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3077",
"trust": 0.7
},
{
"db": "BID",
"id": "78421",
"trust": 0.4
},
{
"db": "ZDI",
"id": "ZDI-15-626",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-15-628",
"trust": 0.3
},
{
"db": "IVD",
"id": "6D683610-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-85879",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-635"
},
{
"db": "ZDI",
"id": "ZDI-15-634"
},
{
"db": "ZDI",
"id": "ZDI-15-632"
},
{
"db": "ZDI",
"id": "ZDI-15-630"
},
{
"db": "ZDI",
"id": "ZDI-15-625"
},
{
"db": "ZDI",
"id": "ZDI-15-633"
},
{
"db": "ZDI",
"id": "ZDI-15-631"
},
{
"db": "CNVD",
"id": "CNVD-2015-07899"
},
{
"db": "VULHUB",
"id": "VHN-85879"
},
{
"db": "BID",
"id": "78421"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006424"
},
{
"db": "NVD",
"id": "CVE-2015-7918"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-005"
}
]
},
"id": "VAR-201512-0015",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07899"
},
{
"db": "VULHUB",
"id": "VHN-85879"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07899"
}
]
},
"last_update_date": "2023-12-18T12:51:37.899000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 4.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-02"
},
{
"title": "SEVD-2015-329-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-329-01"
},
{
"title": "Schneider Electric ProClima ActiveX Control code injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/67570"
},
{
"title": "Schneider Electric ProClima F1BookView ActiveX Fixes for Control Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58873"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-635"
},
{
"db": "ZDI",
"id": "ZDI-15-634"
},
{
"db": "ZDI",
"id": "ZDI-15-632"
},
{
"db": "ZDI",
"id": "ZDI-15-630"
},
{
"db": "ZDI",
"id": "ZDI-15-625"
},
{
"db": "ZDI",
"id": "ZDI-15-633"
},
{
"db": "ZDI",
"id": "ZDI-15-631"
},
{
"db": "CNVD",
"id": "CNVD-2015-07899"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006424"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85879"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006424"
},
{
"db": "NVD",
"id": "CVE-2015-7918"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-02"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-329-01"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-625"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-630"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-631"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-632"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-633"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-634"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-635"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7918"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7918"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/en/product-range-download/2560-proclima"
},
{
"trust": 0.3,
"url": " http://www.zerodayinitiative.com/advisories/zdi-15-626"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-628"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-635"
},
{
"db": "ZDI",
"id": "ZDI-15-634"
},
{
"db": "ZDI",
"id": "ZDI-15-632"
},
{
"db": "ZDI",
"id": "ZDI-15-630"
},
{
"db": "ZDI",
"id": "ZDI-15-625"
},
{
"db": "ZDI",
"id": "ZDI-15-633"
},
{
"db": "ZDI",
"id": "ZDI-15-631"
},
{
"db": "CNVD",
"id": "CNVD-2015-07899"
},
{
"db": "VULHUB",
"id": "VHN-85879"
},
{
"db": "BID",
"id": "78421"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006424"
},
{
"db": "NVD",
"id": "CVE-2015-7918"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-635"
},
{
"db": "ZDI",
"id": "ZDI-15-634"
},
{
"db": "ZDI",
"id": "ZDI-15-632"
},
{
"db": "ZDI",
"id": "ZDI-15-630"
},
{
"db": "ZDI",
"id": "ZDI-15-625"
},
{
"db": "ZDI",
"id": "ZDI-15-633"
},
{
"db": "ZDI",
"id": "ZDI-15-631"
},
{
"db": "CNVD",
"id": "CNVD-2015-07899"
},
{
"db": "VULHUB",
"id": "VHN-85879"
},
{
"db": "BID",
"id": "78421"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006424"
},
{
"db": "NVD",
"id": "CVE-2015-7918"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-03T00:00:00",
"db": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-635"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-634"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-632"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-630"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-625"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-633"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-631"
},
{
"date": "2015-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07899"
},
{
"date": "2015-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-85879"
},
{
"date": "2015-12-01T00:00:00",
"db": "BID",
"id": "78421"
},
{
"date": "2015-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006424"
},
{
"date": "2015-12-15T05:59:08.857000",
"db": "NVD",
"id": "CVE-2015-7918"
},
{
"date": "2015-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-635"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-634"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-632"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-630"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-625"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-633"
},
{
"date": "2015-12-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-631"
},
{
"date": "2015-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07899"
},
{
"date": "2015-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-85879"
},
{
"date": "2015-12-01T00:00:00",
"db": "BID",
"id": "78421"
},
{
"date": "2015-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006424"
},
{
"date": "2015-12-16T13:21:54.250000",
"db": "NVD",
"id": "CVE-2015-7918"
},
{
"date": "2015-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ProClima ActiveX Control Code injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07899"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "6d683610-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-005"
}
],
"trust": 0.8
}
}
VAR-201412-0558
Vulnerability from variot - Updated: 2023-12-18 12:30Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8511 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ATX45.ATX45Ctrl.1 ActiveX control in Atx45.ocx. The control does not check the length of an attacker-supplied string in the SetBodyAttribute method before copying it into a fixed length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0558",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proclima",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "6.1.7"
},
{
"model": "proclima",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric proclima",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "proclima",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-004"
},
{
"db": "CNVD",
"id": "CNVD-2014-09024"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007421"
},
{
"db": "NVD",
"id": "CVE-2014-8512"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-570"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider_electric:proclima:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8512"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brian Gorenc - HP Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-004"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-8512",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-09024",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-76457",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8512",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-8512",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-09024",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-570",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-76457",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-004"
},
{
"db": "CNVD",
"id": "CNVD-2014-09024"
},
{
"db": "VULHUB",
"id": "VHN-76457"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007421"
},
{
"db": "NVD",
"id": "CVE-2014-8512"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-570"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8511 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ATX45.ATX45Ctrl.1 ActiveX control in Atx45.ocx. The control does not check the length of an attacker-supplied string in the SetBodyAttribute method before copying it into a fixed length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8512"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007421"
},
{
"db": "ZDI",
"id": "ZDI-15-004"
},
{
"db": "CNVD",
"id": "CNVD-2014-09024"
},
{
"db": "BID",
"id": "71711"
},
{
"db": "IVD",
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-76457"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8512",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-350-01",
"trust": 2.5
},
{
"db": "BID",
"id": "71711",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201412-570",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-09024",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007421",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2479",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-15-004",
"trust": 0.7
},
{
"db": "IVD",
"id": "AE2F226C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-76457",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-004"
},
{
"db": "CNVD",
"id": "CNVD-2014-09024"
},
{
"db": "VULHUB",
"id": "VHN-76457"
},
{
"db": "BID",
"id": "71711"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007421"
},
{
"db": "NVD",
"id": "CVE-2014-8512"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-570"
}
]
},
"id": "VAR-201412-0558",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09024"
},
{
"db": "VULHUB",
"id": "VHN-76457"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09024"
}
]
},
"last_update_date": "2023-12-18T12:30:29.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ProClima Software Vulnerability Disclosure",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09024)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/52959"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-004"
},
{
"db": "CNVD",
"id": "CNVD-2014-09024"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007421"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76457"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007421"
},
{
"db": "NVD",
"id": "CVE-2014-8512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8512"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8512"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71711"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-004"
},
{
"db": "CNVD",
"id": "CNVD-2014-09024"
},
{
"db": "VULHUB",
"id": "VHN-76457"
},
{
"db": "BID",
"id": "71711"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007421"
},
{
"db": "NVD",
"id": "CVE-2014-8512"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-570"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-004"
},
{
"db": "CNVD",
"id": "CNVD-2014-09024"
},
{
"db": "VULHUB",
"id": "VHN-76457"
},
{
"db": "BID",
"id": "71711"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007421"
},
{
"db": "NVD",
"id": "CVE-2014-8512"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-570"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "IVD",
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-004"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09024"
},
{
"date": "2014-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-76457"
},
{
"date": "2014-12-10T00:00:00",
"db": "BID",
"id": "71711"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007421"
},
{
"date": "2014-12-27T15:59:01.857000",
"db": "NVD",
"id": "CVE-2014-8512"
},
{
"date": "2014-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-570"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-004"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09024"
},
{
"date": "2014-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-76457"
},
{
"date": "2015-01-12T00:02:00",
"db": "BID",
"id": "71711"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007421"
},
{
"date": "2014-12-29T23:11:59.473000",
"db": "NVD",
"id": "CVE-2014-8512"
},
{
"date": "2015-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-570"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-570"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ProClima of Atx45.ocx of ActiveX Control buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007421"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-570"
}
],
"trust": 0.8
}
}
VAR-201412-0560
Vulnerability from variot - Updated: 2023-12-18 12:30Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8513 and CVE-2014-9188 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control's ObjLinks property. This property can be assigned an attacker-supplied memory address and the control will redirect execution flow to this given memory address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0560",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proclima",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "6.1.7"
},
{
"model": "proclima",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric proclima",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "proclima",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ae33c182-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-002"
},
{
"db": "CNVD",
"id": "CNVD-2014-09025"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007423"
},
{
"db": "NVD",
"id": "CVE-2014-8514"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-572"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider_electric:proclima:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8514"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-002"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8514",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-8514",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-09025",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ae33c182-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-76459",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8514",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-8514",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-09025",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-572",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ae33c182-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-76459",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ae33c182-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-002"
},
{
"db": "CNVD",
"id": "CNVD-2014-09025"
},
{
"db": "VULHUB",
"id": "VHN-76459"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007423"
},
{
"db": "NVD",
"id": "CVE-2014-8514"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-572"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8513 and CVE-2014-9188 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control\u0027s ObjLinks property. This property can be assigned an attacker-supplied memory address and the control will redirect execution flow to this given memory address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8514"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007423"
},
{
"db": "ZDI",
"id": "ZDI-15-002"
},
{
"db": "CNVD",
"id": "CNVD-2014-09025"
},
{
"db": "BID",
"id": "71710"
},
{
"db": "IVD",
"id": "ae33c182-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-76459"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8514",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-350-01",
"trust": 2.8
},
{
"db": "BID",
"id": "71710",
"trust": 2.0
},
{
"db": "ZDI",
"id": "ZDI-15-002",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201412-572",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-09025",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007423",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2483",
"trust": 0.7
},
{
"db": "IVD",
"id": "AE33C182-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-76459",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ae33c182-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-002"
},
{
"db": "CNVD",
"id": "CNVD-2014-09025"
},
{
"db": "VULHUB",
"id": "VHN-76459"
},
{
"db": "BID",
"id": "71710"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007423"
},
{
"db": "NVD",
"id": "CVE-2014-8514"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-572"
}
]
},
"id": "VAR-201412-0560",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ae33c182-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09025"
},
{
"db": "VULHUB",
"id": "VHN-76459"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ae33c182-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09025"
}
]
},
"last_update_date": "2023-12-18T12:30:29.027000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ProClima Software Vulnerability Disclosure",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09025)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/52958"
},
{
"title": "ProClima_v6.1.8_setup",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53033"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-002"
},
{
"db": "CNVD",
"id": "CNVD-2014-09025"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007423"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-572"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76459"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007423"
},
{
"db": "NVD",
"id": "CVE-2014-8514"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/71710"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8514"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8514"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/products/ww/en/5100-software/5110-electrical-design-software/2560-proclima/"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.3,
"url": "http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-002/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-002"
},
{
"db": "CNVD",
"id": "CNVD-2014-09025"
},
{
"db": "VULHUB",
"id": "VHN-76459"
},
{
"db": "BID",
"id": "71710"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007423"
},
{
"db": "NVD",
"id": "CVE-2014-8514"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-572"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ae33c182-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-002"
},
{
"db": "CNVD",
"id": "CNVD-2014-09025"
},
{
"db": "VULHUB",
"id": "VHN-76459"
},
{
"db": "BID",
"id": "71710"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007423"
},
{
"db": "NVD",
"id": "CVE-2014-8514"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-572"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "IVD",
"id": "ae33c182-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-002"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09025"
},
{
"date": "2014-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-76459"
},
{
"date": "2014-12-10T00:00:00",
"db": "BID",
"id": "71710"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007423"
},
{
"date": "2014-12-27T15:59:03.823000",
"db": "NVD",
"id": "CVE-2014-8514"
},
{
"date": "2014-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-572"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-002"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09025"
},
{
"date": "2016-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-76459"
},
{
"date": "2015-07-15T00:14:00",
"db": "BID",
"id": "71710"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007423"
},
{
"date": "2016-12-31T02:59:14.200000",
"db": "NVD",
"id": "CVE-2014-8514"
},
{
"date": "2015-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-572"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-572"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ProClima of MDraw30.ocx of ActiveX Control buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007423"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "ae33c182-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-572"
}
],
"trust": 0.8
}
}
VAR-201412-0559
Vulnerability from variot - Updated: 2023-12-18 12:30Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8514 and CVE-2014-9188 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control's ObjectOverlappedBy method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0559",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proclima",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "6.1.7"
},
{
"model": "proclima",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric proclima",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "proclima",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ae319f92-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-001"
},
{
"db": "CNVD",
"id": "CNVD-2014-09017"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007422"
},
{
"db": "NVD",
"id": "CVE-2014-8513"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-571"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider_electric:proclima:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8513"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-001"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8513",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-8513",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-09017",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ae319f92-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-76458",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8513",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-8513",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-09017",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-571",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ae319f92-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-76458",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ae319f92-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-001"
},
{
"db": "CNVD",
"id": "CNVD-2014-09017"
},
{
"db": "VULHUB",
"id": "VHN-76458"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007422"
},
{
"db": "NVD",
"id": "CVE-2014-8513"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-571"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8514 and CVE-2014-9188 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control\u0027s ObjectOverlappedBy method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8513"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007422"
},
{
"db": "ZDI",
"id": "ZDI-15-001"
},
{
"db": "CNVD",
"id": "CNVD-2014-09017"
},
{
"db": "BID",
"id": "71707"
},
{
"db": "IVD",
"id": "ae319f92-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-76458"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8513",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-350-01",
"trust": 2.5
},
{
"db": "BID",
"id": "71707",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201412-571",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-09017",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007422",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2480",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-15-001",
"trust": 0.7
},
{
"db": "IVD",
"id": "AE319F92-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-76458",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ae319f92-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-001"
},
{
"db": "CNVD",
"id": "CNVD-2014-09017"
},
{
"db": "VULHUB",
"id": "VHN-76458"
},
{
"db": "BID",
"id": "71707"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007422"
},
{
"db": "NVD",
"id": "CVE-2014-8513"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-571"
}
]
},
"id": "VAR-201412-0559",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ae319f92-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09017"
},
{
"db": "VULHUB",
"id": "VHN-76458"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ae319f92-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09017"
}
]
},
"last_update_date": "2023-12-18T12:30:28.986000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ProClima Software Vulnerability Disclosure",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09017)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/52954"
},
{
"title": "ProClima_v6.1.8_setup",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53033"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-001"
},
{
"db": "CNVD",
"id": "CNVD-2014-09017"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007422"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-571"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76458"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007422"
},
{
"db": "NVD",
"id": "CVE-2014-8513"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8513"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8513"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71707"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-001"
},
{
"db": "CNVD",
"id": "CNVD-2014-09017"
},
{
"db": "VULHUB",
"id": "VHN-76458"
},
{
"db": "BID",
"id": "71707"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007422"
},
{
"db": "NVD",
"id": "CVE-2014-8513"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-571"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ae319f92-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-001"
},
{
"db": "CNVD",
"id": "CNVD-2014-09017"
},
{
"db": "VULHUB",
"id": "VHN-76458"
},
{
"db": "BID",
"id": "71707"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007422"
},
{
"db": "NVD",
"id": "CVE-2014-8513"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-571"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "IVD",
"id": "ae319f92-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-001"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09017"
},
{
"date": "2014-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-76458"
},
{
"date": "2014-12-10T00:00:00",
"db": "BID",
"id": "71707"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007422"
},
{
"date": "2014-12-27T15:59:02.777000",
"db": "NVD",
"id": "CVE-2014-8513"
},
{
"date": "2014-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-571"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-001"
},
{
"date": "2014-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09017"
},
{
"date": "2014-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-76458"
},
{
"date": "2015-01-12T01:02:00",
"db": "BID",
"id": "71707"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007422"
},
{
"date": "2014-12-29T23:12:32.693000",
"db": "NVD",
"id": "CVE-2014-8513"
},
{
"date": "2015-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-571"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-571"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ProClima of MDraw30.ocx of ActiveX Control buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007422"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "ae319f92-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-571"
}
],
"trust": 0.8
}
}
VAR-201412-0411
Vulnerability from variot - Updated: 2023-12-18 12:30Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8513 and CVE-2014-8514 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control's ArrangeObjects method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proclima",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "6.1.7"
},
{
"model": "proclima",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric proclima",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "proclima",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider_electric:proclima:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9188"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-005"
}
],
"trust": 0.7
},
"cve": "CVE-2014-9188",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-9188",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9188",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-09022",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-77133",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9188",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-9188",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-09022",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-573",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-77133",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-9188",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "VULMON",
"id": "CVE-2014-9188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8513 and CVE-2014-8514 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control\u0027s ArrangeObjects method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "BID",
"id": "71713"
},
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "VULMON",
"id": "CVE-2014-9188"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9188",
"trust": 4.4
},
{
"db": "ICS CERT",
"id": "ICSA-14-350-01",
"trust": 2.6
},
{
"db": "BID",
"id": "71713",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-09022",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2524",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-15-005",
"trust": 0.7
},
{
"db": "IVD",
"id": "AE18D5CA-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77133",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-9188",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "VULMON",
"id": "CVE-2014-9188"
},
{
"db": "BID",
"id": "71713"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
]
},
"id": "VAR-201412-0411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "VULHUB",
"id": "VHN-77133"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
}
]
},
"last_update_date": "2023-12-18T12:30:28.941000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ProClima Software Vulnerability Disclosure",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09022)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/52961"
},
{
"title": "ProClima_v6.1.8_setup",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53033"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"trust": 1.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9188"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9188"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/71713"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36781"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "VULMON",
"id": "CVE-2014-9188"
},
{
"db": "BID",
"id": "71713"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"db": "VULHUB",
"id": "VHN-77133"
},
{
"db": "VULMON",
"id": "CVE-2014-9188"
},
{
"db": "BID",
"id": "71713"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"db": "NVD",
"id": "CVE-2014-9188"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"date": "2014-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-77133"
},
{
"date": "2014-12-27T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9188"
},
{
"date": "2014-12-10T00:00:00",
"db": "BID",
"id": "71713"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"date": "2014-12-27T15:59:04.887000",
"db": "NVD",
"id": "CVE-2014-9188"
},
{
"date": "2014-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-005"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09022"
},
{
"date": "2014-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-77133"
},
{
"date": "2014-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9188"
},
{
"date": "2015-01-12T00:02:00",
"db": "BID",
"id": "71713"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007424"
},
{
"date": "2014-12-29T23:15:03.177000",
"db": "NVD",
"id": "CVE-2014-9188"
},
{
"date": "2015-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ProClima of MDraw30.ocx of ActiveX Control buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007424"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-573"
}
],
"trust": 0.8
}
}
VAR-201412-0557
Vulnerability from variot - Updated: 2023-12-18 12:30Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8512 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ATX45.ATX45Ctrl.1 ActiveX control in Atx45.ocx. The control does not check the length of an attacker-supplied string in the SetHtmlFileName method before copying it into a fixed length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0557",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proclima",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "6.1.7"
},
{
"model": "proclima",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric proclima",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "6.0.1"
},
{
"model": "proclima",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "6.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "proclima",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-003"
},
{
"db": "CNVD",
"id": "CNVD-2014-09023"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007420"
},
{
"db": "NVD",
"id": "CVE-2014-8511"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-569"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8511"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-003"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8511",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-8511",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8511",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-09023",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-76456",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8511",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-8511",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-09023",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-569",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-76456",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-003"
},
{
"db": "CNVD",
"id": "CNVD-2014-09023"
},
{
"db": "VULHUB",
"id": "VHN-76456"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007420"
},
{
"db": "NVD",
"id": "CVE-2014-8511"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-569"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8512 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ATX45.ATX45Ctrl.1 ActiveX control in Atx45.ocx. The control does not check the length of an attacker-supplied string in the SetHtmlFileName method before copying it into a fixed length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8511"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007420"
},
{
"db": "ZDI",
"id": "ZDI-15-003"
},
{
"db": "CNVD",
"id": "CNVD-2014-09023"
},
{
"db": "BID",
"id": "71712"
},
{
"db": "IVD",
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-76456"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8511",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-350-01",
"trust": 2.5
},
{
"db": "BID",
"id": "71712",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201412-569",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-09023",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007420",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2477",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-15-003",
"trust": 0.7
},
{
"db": "IVD",
"id": "AE2D23FE-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-76456",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-003"
},
{
"db": "CNVD",
"id": "CNVD-2014-09023"
},
{
"db": "VULHUB",
"id": "VHN-76456"
},
{
"db": "BID",
"id": "71712"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007420"
},
{
"db": "NVD",
"id": "CVE-2014-8511"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-569"
}
]
},
"id": "VAR-201412-0557",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09023"
},
{
"db": "VULHUB",
"id": "VHN-76456"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-09023"
}
]
},
"last_update_date": "2023-12-18T12:30:28.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ProClima Software Vulnerability Disclosure",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09023)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/52960"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-003"
},
{
"db": "CNVD",
"id": "CNVD-2014-09023"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007420"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76456"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007420"
},
{
"db": "NVD",
"id": "CVE-2014-8511"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8511"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8511"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71712"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-003"
},
{
"db": "CNVD",
"id": "CNVD-2014-09023"
},
{
"db": "VULHUB",
"id": "VHN-76456"
},
{
"db": "BID",
"id": "71712"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007420"
},
{
"db": "NVD",
"id": "CVE-2014-8511"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-569"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-003"
},
{
"db": "CNVD",
"id": "CNVD-2014-09023"
},
{
"db": "VULHUB",
"id": "VHN-76456"
},
{
"db": "BID",
"id": "71712"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007420"
},
{
"db": "NVD",
"id": "CVE-2014-8511"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-569"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "IVD",
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-003"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09023"
},
{
"date": "2014-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-76456"
},
{
"date": "2014-12-10T00:00:00",
"db": "BID",
"id": "71712"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007420"
},
{
"date": "2014-12-27T15:59:00.057000",
"db": "NVD",
"id": "CVE-2014-8511"
},
{
"date": "2014-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-569"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "ZDI",
"id": "ZDI-15-003"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09023"
},
{
"date": "2015-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-76456"
},
{
"date": "2015-01-12T00:02:00",
"db": "BID",
"id": "71712"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007420"
},
{
"date": "2015-02-02T16:49:22.903000",
"db": "NVD",
"id": "CVE-2014-8511"
},
{
"date": "2015-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-569"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-569"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ProClima of Atx45.ocx of ActiveX Control buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007420"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-569"
}
],
"trust": 0.8
}
}
CVE-2019-6825 (GCVE-0-2019-6825)
Vulnerability from cvelistv5 – Published: 2019-07-15 20:45 – Updated: 2024-08-04 20:31
VLAI
Summary
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.
Severity
No CVSS data available.
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ProClima | ProClima all versions prior to version 8.0.0 |
Affected:
ProClima all versions prior to version 8.0.0
|
Date Public
2019-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ProClima all versions prior to version 8.0.0",
"vendor": "ProClima",
"versions": [
{
"status": "affected",
"version": "ProClima all versions prior to version 8.0.0"
}
]
}
],
"datePublic": "2019-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T20:45:14.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProClima all versions prior to version 8.0.0",
"version": {
"version_data": [
{
"version_value": "ProClima all versions prior to version 8.0.0"
}
]
}
}
]
},
"vendor_name": "ProClima"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6825",
"datePublished": "2019-07-15T20:45:14.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6824 (GCVE-0-2019-6824)
Vulnerability from cvelistv5 – Published: 2019-07-15 20:44 – Updated: 2024-08-04 20:31
VLAI
Summary
A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
Severity
No CVSS data available.
CWE
- CWE-119 - Buffer Errors
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ProClima | ProClima all versions prior to version 8.0.0 |
Affected:
ProClima all versions prior to version 8.0.0
|
Date Public
2019-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ProClima all versions prior to version 8.0.0",
"vendor": "ProClima",
"versions": [
{
"status": "affected",
"version": "ProClima all versions prior to version 8.0.0"
}
]
}
],
"datePublic": "2019-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Buffer Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T20:44:14.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProClima all versions prior to version 8.0.0",
"version": {
"version_data": [
{
"version_value": "ProClima all versions prior to version 8.0.0"
}
]
}
}
]
},
"vendor_name": "ProClima"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Buffer Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6824",
"datePublished": "2019-07-15T20:44:14.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6823 (GCVE-0-2019-6823)
Vulnerability from cvelistv5 – Published: 2019-07-15 20:41 – Updated: 2024-08-04 20:31
VLAI
Summary
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
Severity
No CVSS data available.
CWE
- CWE-94 - Code Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ProClima | ProClima all versions prior to version 8.0.0 |
Affected:
ProClima all versions prior to version 8.0.0
|
Date Public
2019-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ProClima all versions prior to version 8.0.0",
"vendor": "ProClima",
"versions": [
{
"status": "affected",
"version": "ProClima all versions prior to version 8.0.0"
}
]
}
],
"datePublic": "2019-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T20:42:37.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProClima all versions prior to version 8.0.0",
"version": {
"version_data": [
{
"version_value": "ProClima all versions prior to version 8.0.0"
}
]
}
}
]
},
"vendor_name": "ProClima"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6823",
"datePublished": "2019-07-15T20:41:51.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6825 (GCVE-0-2019-6825)
Vulnerability from nvd – Published: 2019-07-15 20:45 – Updated: 2024-08-04 20:31
VLAI
Summary
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.
Severity
No CVSS data available.
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ProClima | ProClima all versions prior to version 8.0.0 |
Affected:
ProClima all versions prior to version 8.0.0
|
Date Public
2019-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ProClima all versions prior to version 8.0.0",
"vendor": "ProClima",
"versions": [
{
"status": "affected",
"version": "ProClima all versions prior to version 8.0.0"
}
]
}
],
"datePublic": "2019-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T20:45:14.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProClima all versions prior to version 8.0.0",
"version": {
"version_data": [
{
"version_value": "ProClima all versions prior to version 8.0.0"
}
]
}
}
]
},
"vendor_name": "ProClima"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6825",
"datePublished": "2019-07-15T20:45:14.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6824 (GCVE-0-2019-6824)
Vulnerability from nvd – Published: 2019-07-15 20:44 – Updated: 2024-08-04 20:31
VLAI
Summary
A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
Severity
No CVSS data available.
CWE
- CWE-119 - Buffer Errors
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ProClima | ProClima all versions prior to version 8.0.0 |
Affected:
ProClima all versions prior to version 8.0.0
|
Date Public
2019-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ProClima all versions prior to version 8.0.0",
"vendor": "ProClima",
"versions": [
{
"status": "affected",
"version": "ProClima all versions prior to version 8.0.0"
}
]
}
],
"datePublic": "2019-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Buffer Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T20:44:14.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProClima all versions prior to version 8.0.0",
"version": {
"version_data": [
{
"version_value": "ProClima all versions prior to version 8.0.0"
}
]
}
}
]
},
"vendor_name": "ProClima"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Buffer Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6824",
"datePublished": "2019-07-15T20:44:14.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6823 (GCVE-0-2019-6823)
Vulnerability from nvd – Published: 2019-07-15 20:41 – Updated: 2024-08-04 20:31
VLAI
Summary
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
Severity
No CVSS data available.
CWE
- CWE-94 - Code Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ProClima | ProClima all versions prior to version 8.0.0 |
Affected:
ProClima all versions prior to version 8.0.0
|
Date Public
2019-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ProClima all versions prior to version 8.0.0",
"vendor": "ProClima",
"versions": [
{
"status": "affected",
"version": "ProClima all versions prior to version 8.0.0"
}
]
}
],
"datePublic": "2019-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T20:42:37.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProClima all versions prior to version 8.0.0",
"version": {
"version_data": [
{
"version_value": "ProClima all versions prior to version 8.0.0"
}
]
}
}
]
},
"vendor_name": "ProClima"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6823",
"datePublished": "2019-07-15T20:41:51.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}