
12 vulnerabilities found for ProClima by Schneider Electric

VAR-201907-0068

Vulnerability from variot - Updated: 2023-12-18 12:56

A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. ProClima contains a code injection vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. Schneider Electric ProClima is a thermal calculation software package from Schneider Electric, France. The software provides thermal management functions for the environment and for the electrical/electronic equipment installed in a control panel by analyzing specified thermal data. The vulnerability stems from the network system or product failing to correctly filter special elements when it constructs code segments from external input data. Attackers can exploit this vulnerability to generate illegal code segments and modify the expected execution control flow of network systems or components.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0068",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proclima",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "8.0.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6823"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6823"
      }
    ]
  },
  "cve": "CVE-2019-6823",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-6823",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-158258",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6823",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-6823",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-780",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158258",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6823",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158258"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-780"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. ProClima Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric ProClima is a set of heat calculation software from Schneider Electric, France. This software provides thermal management functions for the environment and electrical/electronic equipment installed in the control panel by analyzing specified thermal data. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing code segments from external input data. Attackers can exploit this vulnerability to generate illegal code segments and modify the expected execution control flow of network systems or components",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158258"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6823"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6823",
        "trust": 2.6
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-162-01",
        "trust": 1.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-295-01",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006405",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-780",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-158258",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6823",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158258"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-780"
      }
    ]
  },
  "id": "VAR-201907-0068",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158258"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:56:31.054000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-162-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-162-01/"
      },
      {
        "title": "Schneider Electric ProClima Fixes for code injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95256"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-6823 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-6823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-780"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158258"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6823"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-162-01/"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-295-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6823"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6823"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/94.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-6823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158258"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-780"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-158258"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-780"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158258"
      },
      {
        "date": "2019-07-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6823"
      },
      {
        "date": "2019-07-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      },
      {
        "date": "2019-07-15T21:15:10.663000",
        "db": "NVD",
        "id": "CVE-2019-6823"
      },
      {
        "date": "2019-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-780"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158258"
      },
      {
        "date": "2022-10-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6823"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      },
      {
        "date": "2022-10-14T03:03:14.450000",
        "db": "NVD",
        "id": "CVE-2019-6823"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-780"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-780"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ProClima Code injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006405"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-780"
      }
    ],
    "trust": 0.6
  }
}

VAR-201907-0069

Vulnerability from variot - Updated: 2023-12-18 12:56

A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system. ProClima contains a buffer error vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. Schneider Electric ProClima is a thermal calculation software package from Schneider Electric, France. The software provides thermal management functions for the environment and for the electrical/electronic equipment installed in a control panel by analyzing specified thermal data. The vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, a heap overflow, and so on.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0069",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proclima",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "8.0.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6824"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6824"
      }
    ]
  },
  "cve": "CVE-2019-6824",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-6824",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-158259",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6824",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-6824",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-781",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158259",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6824",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158259"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-781"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. ProClima Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric ProClima is a set of heat calculation software from Schneider Electric, France. This software provides thermal management functions for the environment and electrical/electronic equipment installed in the control panel by analyzing specified thermal data. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158259"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6824"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6824",
        "trust": 2.6
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-162-01",
        "trust": 1.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-295-01",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006406",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-781",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-158259",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6824",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158259"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-781"
      }
    ]
  },
  "id": "VAR-201907-0069",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158259"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:56:31.021000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-162-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-162-01/"
      },
      {
        "title": "Schneider Electric ProClima Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95257"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-6824 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-6824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-781"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158259"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6824"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-162-01/"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-295-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6824"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6824"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-6824"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158259"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-781"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-158259"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-781"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158259"
      },
      {
        "date": "2019-07-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6824"
      },
      {
        "date": "2019-07-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      },
      {
        "date": "2019-07-15T21:15:10.727000",
        "db": "NVD",
        "id": "CVE-2019-6824"
      },
      {
        "date": "2019-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-781"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158259"
      },
      {
        "date": "2022-10-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6824"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      },
      {
        "date": "2022-10-14T03:04:04.040000",
        "db": "NVD",
        "id": "CVE-2019-6824"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-781"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-781"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ProClima Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006406"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-781"
      }
    ],
    "trust": 0.6
  }
}

VAR-201907-0070

Vulnerability from variot - Updated: 2023-12-18 12:56

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name as any resident DLL inside the software installation, to execute arbitrary code. ProClima contains a vulnerability related to uncontrolled search path elements. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric ProClima is a set of heat calculation software from Schneider Electric, France. This software provides thermal management functions for the environment and electrical/electronic equipment installed in the control panel by analyzing specified thermal data. A code issue vulnerability exists in Schneider Electric ProClima versions prior to 8.0.0. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0070",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proclima",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "8.0.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6825"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6825"
      }
    ]
  },
  "cve": "CVE-2019-6825",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-6825",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-158260",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6825",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-6825",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-782",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158260",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6825",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158260"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-782"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0. ProClima Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric ProClima is a set of heat calculation software from Schneider Electric, France. This software provides thermal management functions for the environment and electrical/electronic equipment installed in the control panel by analyzing specified thermal data. A code issue vulnerability exists in Schneider Electric ProClima versions prior to 8.0.0. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158260"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6825"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6825",
        "trust": 2.6
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-162-01",
        "trust": 1.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-295-01",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006577",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-782",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-102432",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-158260",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6825",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158260"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-782"
      }
    ]
  },
  "id": "VAR-201907-0070",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158260"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:56:30.993000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-162-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-162-01/"
      },
      {
        "title": "Schneider Electric ProClima Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95258"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-6825 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-6825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-782"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-427",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6825"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-162-01/"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-295-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6825"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6825"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/427.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-6825"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158260"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-782"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-158260"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-782"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158260"
      },
      {
        "date": "2019-07-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6825"
      },
      {
        "date": "2019-07-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      },
      {
        "date": "2019-07-15T21:15:10.790000",
        "db": "NVD",
        "id": "CVE-2019-6825"
      },
      {
        "date": "2019-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-782"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158260"
      },
      {
        "date": "2022-09-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6825"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      },
      {
        "date": "2022-09-03T03:45:28.250000",
        "db": "NVD",
        "id": "CVE-2019-6825"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-782"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-782"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ProClima Vulnerabilities in uncontrolled search path elements",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006577"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-782"
      }
    ],
    "trust": 0.6
  }
}

VAR-201512-0224

Vulnerability from variot - Updated: 2023-12-18 12:51

The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the CopyAll method of the F1BookView ActiveX control. The method accepts an integer value and interprets it as the address of a structure in memory. An attacker can leverage this vulnerability to achieve code execution under the context of the process. Schneider Electric ProClima is the thermal calculation software of Schneider Electric, France. Failed exploit attempts will likely result in denial-of-service conditions.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0224",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proclima",
        "scope": null,
        "trust": 2.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "proclima",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.1"
      },
      {
        "model": "proclima",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "schneider electric",
        "version": "6.1"
      },
      {
        "model": "proclima",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.2"
      },
      {
        "model": "electric proclima",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "6.2"
      },
      {
        "model": "proclima",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "6.0"
      },
      {
        "model": "proclima",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "6.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "proclima",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "694110a2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-629"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-626"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-628"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-627"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      },
      {
        "db": "BID",
        "id": "79802"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006425"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-442"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8561"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ariele Caltabiano (kimiya)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-629"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-628"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-627"
      }
    ],
    "trust": 2.1
  },
  "cve": "CVE-2015-8561",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-8561",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 3.6,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-08395",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "694110a2-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-86522",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2015-8561",
            "trust": 2.8,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-8561",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-08395",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-442",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "694110a2-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86522",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "694110a2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-629"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-626"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-628"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-627"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006425"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-442"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. (1) AttachToSS The method (2) CopyAll The method (3) CopyRange The method (4) CopyRangeEx The method (5) SwapTable The method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the implementation of the CopyAll method of the F1BookView ActiveX control.  The method accepts an integer value and interprets it as the address of a structure in memory.  An attacker can leverage this vulnerability to achieve code execution under the context of the process. Schneider Electric ProClima is the thermal calculation software of Schneider Electric, France. Failed exploit attempts will likely result in denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006425"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-629"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-626"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-628"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-627"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      },
      {
        "db": "BID",
        "id": "79802"
      },
      {
        "db": "IVD",
        "id": "694110a2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86522"
      }
    ],
    "trust": 5.22
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8561",
        "trust": 6.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-628",
        "trust": 3.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-629",
        "trust": 2.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-626",
        "trust": 2.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-335-02",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-627",
        "trust": 2.4
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2015-329-01",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-442",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006425",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3054",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3056",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3053",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3055",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "79802",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "694110A2-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-86522",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "694110a2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-629"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-626"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-628"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-627"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86522"
      },
      {
        "db": "BID",
        "id": "79802"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006425"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-442"
      }
    ]
  },
  "id": "VAR-201512-0224",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "694110a2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86522"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "694110a2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:51:37.968000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Schneider Electric has issued an update to correct this vulnerability.",
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-02"
      },
      {
        "title": "SEVD-2015-329-01",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-329-01"
      },
      {
        "title": "Schneider Electric ProClima denial of service vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/68764"
      },
      {
        "title": "Schneider Electric ProClima F1 Bookview Buffer Overflow Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59231"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-629"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-626"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-628"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-627"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-442"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006425"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8561"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 5.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-02"
      },
      {
        "trust": 2.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-628"
      },
      {
        "trust": 2.0,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-329-01"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-626"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-629"
      },
      {
        "trust": 1.7,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-627"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8561"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8561"
      },
      {
        "trust": 0.6,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/en/product-range-download/2560-proclima"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-629"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-626"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-628"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-627"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86522"
      },
      {
        "db": "BID",
        "id": "79802"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006425"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-442"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "694110a2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-629"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-626"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-628"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-627"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86522"
      },
      {
        "db": "BID",
        "id": "79802"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006425"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-442"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-22T00:00:00",
        "db": "IVD",
        "id": "694110a2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-629"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-626"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-628"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-627"
      },
      {
        "date": "2015-12-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86522"
      },
      {
        "date": "2015-11-25T00:00:00",
        "db": "BID",
        "id": "79802"
      },
      {
        "date": "2015-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006425"
      },
      {
        "date": "2015-12-15T05:59:09.797000",
        "db": "NVD",
        "id": "CVE-2015-8561"
      },
      {
        "date": "2015-12-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-442"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-629"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-626"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-628"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-627"
      },
      {
        "date": "2015-12-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      },
      {
        "date": "2015-12-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86522"
      },
      {
        "date": "2015-11-25T00:00:00",
        "db": "BID",
        "id": "79802"
      },
      {
        "date": "2015-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006425"
      },
      {
        "date": "2015-12-16T13:22:28.820000",
        "db": "NVD",
        "id": "CVE-2015-8561"
      },
      {
        "date": "2015-12-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-442"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-442"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ProClima Denial of service vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "694110a2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08395"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "694110a2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-442"
      }
    ],
    "trust": 0.8
  }
}

VAR-201512-0015

Vulnerability from variot - Updated: 2023-12-18 12:51

Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the DefinedName method. Memory corruption occurs when a long user-supplied name is passed to it. Later in processing, the code jumps to an address outside of normal flow. An attacker may be able to leverage this flaw to execute code under the context of the process. A buffer overrun occurs when a long string is passed by the user to the method. Schneider Electric ProClima is thermal calculation software from Schneider Electric, France. Failed exploit attempts will likely cause a denial-of-service condition. The affected ActiveX control is identified by CLSID: 3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0015",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proclima",
        "scope": null,
        "trust": 4.9,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "proclima",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.1"
      },
      {
        "model": "proclima",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "schneider electric",
        "version": "6.1"
      },
      {
        "model": "proclima",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.2"
      },
      {
        "model": "electric proclima",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "6.1"
      },
      {
        "model": "proclima",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "6.0"
      },
      {
        "model": "proclima",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "6.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "proclima",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6d683610-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-635"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-634"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-632"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-630"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-625"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-633"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-631"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      },
      {
        "db": "BID",
        "id": "78421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006424"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7918"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-005"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7918"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fritz Sands - HP Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-635"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-634"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-632"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-630"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-625"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-633"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-631"
      }
    ],
    "trust": 4.9
  },
  "cve": "CVE-2015-7918",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-7918",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 5.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2015-07899",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "6d683610-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-85879",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2015-7918",
            "trust": 4.9,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7918",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07899",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-005",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "6d683610-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85879",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6d683610-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-635"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-634"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-632"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-630"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-625"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-633"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-631"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006424"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7918"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-005"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the DefinedName method. Memory corruption occurs when a long user-supplied name is supplied. Later in processing, the code jumps to an address outside of normal flow. An attacker may be able to leverage this flaw to execute code under the context of the process. A buffer overrun occurs when a long string is passed by the user to the method. Schneider Electric ProClima is a thermal calculation software from Schneider Electric, France. Failed exploit attempts will likely cause a denial-of-service condition.\nThe affected ActiveX control is identified by CLSID: 3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006424"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-635"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-634"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-632"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-630"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-625"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-633"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-631"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      },
      {
        "db": "BID",
        "id": "78421"
      },
      {
        "db": "IVD",
        "id": "6d683610-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85879"
      }
    ],
    "trust": 7.11
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7918",
        "trust": 8.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-335-02",
        "trust": 3.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-635",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-634",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-632",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-630",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-625",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-633",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-631",
        "trust": 2.4
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2015-329-01",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-005",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006424",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3095",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3093",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3078",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3076",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3094",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3092",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3077",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "78421",
        "trust": 0.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-626",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-628",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "6D683610-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-85879",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6d683610-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-635"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-634"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-632"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-630"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-625"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-633"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-631"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85879"
      },
      {
        "db": "BID",
        "id": "78421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006424"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7918"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-005"
      }
    ]
  },
  "id": "VAR-201512-0015",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "6d683610-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85879"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6d683610-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:51:37.899000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Schneider Electric has issued an update to correct this vulnerability.",
        "trust": 4.9,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-02"
      },
      {
        "title": "SEVD-2015-329-01",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-329-01"
      },
      {
        "title": "Schneider Electric ProClima ActiveX Control code injection vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/67570"
      },
      {
        "title": "Schneider Electric ProClima F1BookView ActiveX Fixes for Control Buffer Overflow Vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58873"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-635"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-634"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-632"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-630"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-625"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-633"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-631"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-005"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006424"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7918"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 8.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-02"
      },
      {
        "trust": 1.7,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-329-01"
      },
      {
        "trust": 1.7,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-625"
      },
      {
        "trust": 1.7,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-630"
      },
      {
        "trust": 1.7,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-631"
      },
      {
        "trust": 1.7,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-632"
      },
      {
        "trust": 1.7,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-633"
      },
      {
        "trust": 1.7,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-634"
      },
      {
        "trust": 1.7,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-635"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7918"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7918"
      },
      {
        "trust": 0.3,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/en/product-range-download/2560-proclima"
      },
      {
        "trust": 0.3,
        "url": " http://www.zerodayinitiative.com/advisories/zdi-15-626"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-628"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-635"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-634"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-632"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-630"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-625"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-633"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-631"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85879"
      },
      {
        "db": "BID",
        "id": "78421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006424"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7918"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-005"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "6d683610-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-635"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-634"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-632"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-630"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-625"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-633"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-631"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85879"
      },
      {
        "db": "BID",
        "id": "78421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006424"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7918"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-005"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-03T00:00:00",
        "db": "IVD",
        "id": "6d683610-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-635"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-634"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-632"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-630"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-625"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-633"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-631"
      },
      {
        "date": "2015-12-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85879"
      },
      {
        "date": "2015-12-01T00:00:00",
        "db": "BID",
        "id": "78421"
      },
      {
        "date": "2015-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006424"
      },
      {
        "date": "2015-12-15T05:59:08.857000",
        "db": "NVD",
        "id": "CVE-2015-7918"
      },
      {
        "date": "2015-12-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-005"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-635"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-634"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-632"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-630"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-625"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-633"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-631"
      },
      {
        "date": "2015-12-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      },
      {
        "date": "2015-12-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85879"
      },
      {
        "date": "2015-12-01T00:00:00",
        "db": "BID",
        "id": "78421"
      },
      {
        "date": "2015-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006424"
      },
      {
        "date": "2015-12-16T13:21:54.250000",
        "db": "NVD",
        "id": "CVE-2015-7918"
      },
      {
        "date": "2015-12-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-005"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-005"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ProClima ActiveX Control Code injection vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "6d683610-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07899"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "6d683610-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-005"
      }
    ],
    "trust": 0.8
  }
}

VAR-201412-0558

Vulnerability from variot - Updated: 2023-12-18 12:30

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers. This vulnerability is different from CVE-2014-8511. The details of this issue may become clear in the future based on information provided by researchers. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ATX45.ATX45Ctrl.1 ActiveX control in Atx45.ocx. The control does not check the length of an attacker-supplied string in the SetBodyAttribute method before copying it into a fixed-length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. (The aggregated sources give different affected ranges: "before 6.1.7" and "6.0.1 and prior"; both appear in the affected_products data of this entry.) Schneider Electric ProClima is a thermal calculation software package from Schneider Electric, France.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0558",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proclima",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.1.7"
      },
      {
        "model": "proclima",
        "scope": null,
        "trust": 0.7,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric proclima",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "proclima",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-004"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-570"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider_electric:proclima:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8512"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brian Gorenc - HP Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-004"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-8512",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-8512",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.5,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-09024",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ae2f226c-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-76457",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-8512",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-8512",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-09024",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-570",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "ae2f226c-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-76457",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-004"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76457"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-570"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers. This vulnerability is different from CVE-2014-8511. The details of this issue may become clear in the future based on information provided by researchers. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ATX45.ATX45Ctrl.1 ActiveX control in Atx45.ocx. The control does not check the length of an attacker-supplied string in the SetBodyAttribute method before copying it into a fixed-length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-004"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      },
      {
        "db": "BID",
        "id": "71711"
      },
      {
        "db": "IVD",
        "id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76457"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8512",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-350-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "71711",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-570",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09024",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007421",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2479",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-004",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "AE2F226C-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-76457",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-004"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76457"
      },
      {
        "db": "BID",
        "id": "71711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-570"
      }
    ]
  },
  "id": "VAR-201412-0558",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76457"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:30:29.069000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ProClima Software Vulnerability Disclosure",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
      },
      {
        "title": "Schneider Electric has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
      },
      {
        "title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09024)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/52959"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-004"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76457"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8512"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
      },
      {
        "trust": 1.7,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8512"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8512"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/71711"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-004"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76457"
      },
      {
        "db": "BID",
        "id": "71711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-570"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-004"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76457"
      },
      {
        "db": "BID",
        "id": "71711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-570"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-19T00:00:00",
        "db": "IVD",
        "id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-01-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-004"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76457"
      },
      {
        "date": "2014-12-10T00:00:00",
        "db": "BID",
        "id": "71711"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      },
      {
        "date": "2014-12-27T15:59:01.857000",
        "db": "NVD",
        "id": "CVE-2014-8512"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-570"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-004"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09024"
      },
      {
        "date": "2014-12-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76457"
      },
      {
        "date": "2015-01-12T00:02:00",
        "db": "BID",
        "id": "71711"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      },
      {
        "date": "2014-12-29T23:11:59.473000",
        "db": "NVD",
        "id": "CVE-2014-8512"
      },
      {
        "date": "2015-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-570"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-570"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow vulnerability in an ActiveX control in Atx45.ocx in Schneider Electric ProClima",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007421"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "ae2f226c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-570"
      }
    ],
    "trust": 0.8
  }
}

VAR-201412-0560

Vulnerability from variot - Updated: 2023-12-18 12:30

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. This vulnerability is different from CVE-2014-8513 and CVE-2014-9188. The details of this issue may become clear in the future based on information provided by researchers. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MetaDraw ActiveX control's ObjLinks property. This property can be assigned an attacker-supplied memory address and the control will redirect execution flow to this given memory address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. (The aggregated sources state the affected range in two ways, "before 6.1.7" and "6.0.1 and prior"; the record below lists both.) Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0560",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proclima",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.1.7"
      },
      {
        "model": "proclima",
        "scope": null,
        "trust": 0.7,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric proclima",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "proclima",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae33c182-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-572"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider_electric:proclima:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8514"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ariele Caltabiano (kimiya)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-002"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-8514",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-8514",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.5,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-09025",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ae33c182-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-76459",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-8514",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-8514",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-09025",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-572",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "ae33c182-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-76459",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae33c182-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-572"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. This vulnerability is different from CVE-2014-8513 and CVE-2014-9188. The details of this issue may become clear in the future based on information provided by researchers. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MetaDraw ActiveX control\u0027s ObjLinks property. This property can be assigned an attacker-supplied memory address and the control will redirect execution flow to this given memory address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      },
      {
        "db": "BID",
        "id": "71710"
      },
      {
        "db": "IVD",
        "id": "ae33c182-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76459"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8514",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-350-01",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "71710",
        "trust": 2.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-002",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-572",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09025",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007423",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2483",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "AE33C182-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-76459",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae33c182-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76459"
      },
      {
        "db": "BID",
        "id": "71710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-572"
      }
    ]
  },
  "id": "VAR-201412-0560",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ae33c182-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76459"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae33c182-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:30:29.027000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ProClima Software Vulnerability Disclosure",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
      },
      {
        "title": "Schneider Electric has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
      },
      {
        "title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09025)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/52958"
      },
      {
        "title": "ProClima_v6.1.8_setup",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53033"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-572"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8514"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/71710"
      },
      {
        "trust": 1.7,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8514"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8514"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/5100-software/5110-electrical-design-software/2560-proclima/"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      },
      {
        "trust": 0.3,
        "url": "http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-002/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76459"
      },
      {
        "db": "BID",
        "id": "71710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-572"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ae33c182-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76459"
      },
      {
        "db": "BID",
        "id": "71710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-572"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-19T00:00:00",
        "db": "IVD",
        "id": "ae33c182-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-01-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-002"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76459"
      },
      {
        "date": "2014-12-10T00:00:00",
        "db": "BID",
        "id": "71710"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      },
      {
        "date": "2014-12-27T15:59:03.823000",
        "db": "NVD",
        "id": "CVE-2014-8514"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-572"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-002"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09025"
      },
      {
        "date": "2016-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76459"
      },
      {
        "date": "2015-07-15T00:14:00",
        "db": "BID",
        "id": "71710"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      },
      {
        "date": "2016-12-31T02:59:14.200000",
        "db": "NVD",
        "id": "CVE-2014-8514"
      },
      {
        "date": "2015-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-572"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-572"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ProClima of  MDraw30.ocx of  ActiveX Control buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007423"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "ae33c182-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-572"
      }
    ],
    "trust": 0.8
  }
}

VAR-201412-0559

Vulnerability from variot - Updated: 2023-12-18 12:30

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. This vulnerability is distinct from CVE-2014-8514 and CVE-2014-9188. The details of this issue may become clearer in the future based on information provided by researchers. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MetaDraw ActiveX control's ObjectOverlappedBy method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. The aggregated sources state the affected range differently (before 6.1.7 versus 6.0.1 and prior), so confirm the fixed version against the vendor advisory. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Schneider Electric ProClima is thermal calculation software from Schneider Electric, France.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0559",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proclima",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.1.7"
      },
      {
        "model": "proclima",
        "scope": null,
        "trust": 0.7,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric proclima",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "proclima",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae319f92-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-001"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8513"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-571"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider_electric:proclima:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8513"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrea Micalizzi (rgod)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-001"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-8513",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-8513",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.5,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-09017",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ae319f92-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-76458",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-8513",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-8513",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-09017",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-571",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "ae319f92-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-76458",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae319f92-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-001"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8513"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-571"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188.  NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8514 and CVE-2014-9188 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control\u0027s ObjectOverlappedBy method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-001"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      },
      {
        "db": "BID",
        "id": "71707"
      },
      {
        "db": "IVD",
        "id": "ae319f92-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76458"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8513",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-350-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "71707",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-571",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09017",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007422",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2480",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-001",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "AE319F92-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-76458",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae319f92-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-001"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76458"
      },
      {
        "db": "BID",
        "id": "71707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8513"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-571"
      }
    ]
  },
  "id": "VAR-201412-0559",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ae319f92-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76458"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae319f92-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:30:28.986000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ProClima Software Vulnerability Disclosure",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
      },
      {
        "title": "Schneider Electric has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
      },
      {
        "title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09017)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/52954"
      },
      {
        "title": "ProClima_v6.1.8_setup",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53033"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-001"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-571"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8513"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
      },
      {
        "trust": 1.7,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8513"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8513"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/71707"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-001"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76458"
      },
      {
        "db": "BID",
        "id": "71707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8513"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-571"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ae319f92-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-001"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76458"
      },
      {
        "db": "BID",
        "id": "71707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8513"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-571"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-19T00:00:00",
        "db": "IVD",
        "id": "ae319f92-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-01-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-001"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76458"
      },
      {
        "date": "2014-12-10T00:00:00",
        "db": "BID",
        "id": "71707"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      },
      {
        "date": "2014-12-27T15:59:02.777000",
        "db": "NVD",
        "id": "CVE-2014-8513"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-571"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-001"
      },
      {
        "date": "2014-12-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09017"
      },
      {
        "date": "2014-12-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76458"
      },
      {
        "date": "2015-01-12T01:02:00",
        "db": "BID",
        "id": "71707"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      },
      {
        "date": "2014-12-29T23:12:32.693000",
        "db": "NVD",
        "id": "CVE-2014-8513"
      },
      {
        "date": "2015-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-571"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-571"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ProClima of  MDraw30.ocx of  ActiveX Control buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007422"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "ae319f92-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-571"
      }
    ],
    "trust": 0.8
  }
}

VAR-201412-0557

Vulnerability from variot - Updated: 2023-12-18 12:30

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers. This vulnerability is different from CVE-2014-8512. The details of this issue may become clear in the future based on information provided by researchers. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ATX45.ATX45Ctrl.1 ActiveX control in Atx45.ocx. The control does not check the length of an attacker-supplied string in the SetHtmlFileName method before copying it into a fixed-length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is thermal calculation software from Schneider Electric, France. Note that this text is merged from several sources, which state the affected range differently ("before 6.1.7" versus "6.0.1 and prior"); the affected_products data in the record lists both. The NVD CVSS v2 entry in the record also sets userInteractionRequired to false, although the description above says user interaction is required.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0557",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proclima",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.1.7"
      },
      {
        "model": "proclima",
        "scope": null,
        "trust": 0.7,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric proclima",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "proclima",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-003"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-569"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8511"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ariele Caltabiano (kimiya)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-003"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-8511",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2014-8511",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-8511",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-09023",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-76456",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-8511",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-8511",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-09023",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-569",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-76456",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-003"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76456"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-569"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512.  NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8512 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the ATX45.ATX45Ctrl.1 ActiveX control in Atx45.ocx. The control does not check the length of an attacker-supplied string in the SetHtmlFileName method before copying it into a fixed length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8511"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-003"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      },
      {
        "db": "BID",
        "id": "71712"
      },
      {
        "db": "IVD",
        "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76456"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8511",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-350-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "71712",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-569",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09023",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007420",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2477",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-003",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "AE2D23FE-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-76456",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-003"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76456"
      },
      {
        "db": "BID",
        "id": "71712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-569"
      }
    ]
  },
  "id": "VAR-201412-0557",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76456"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:30:28.896000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ProClima Software Vulnerability Disclosure",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
      },
      {
        "title": "Schneider Electric has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
      },
      {
        "title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09023)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/52960"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-003"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76456"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8511"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
      },
      {
        "trust": 1.7,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8511"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8511"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/71712"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-003"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76456"
      },
      {
        "db": "BID",
        "id": "71712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-569"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-003"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76456"
      },
      {
        "db": "BID",
        "id": "71712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8511"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-569"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-19T00:00:00",
        "db": "IVD",
        "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-01-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-003"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76456"
      },
      {
        "date": "2014-12-10T00:00:00",
        "db": "BID",
        "id": "71712"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      },
      {
        "date": "2014-12-27T15:59:00.057000",
        "db": "NVD",
        "id": "CVE-2014-8511"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-569"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-003"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09023"
      },
      {
        "date": "2015-02-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76456"
      },
      {
        "date": "2015-01-12T00:02:00",
        "db": "BID",
        "id": "71712"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      },
      {
        "date": "2015-02-02T16:49:22.903000",
        "db": "NVD",
        "id": "CVE-2014-8511"
      },
      {
        "date": "2015-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-569"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-569"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric ProClima of  Atx45.ocx of  ActiveX Control buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007420"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "ae2d23fe-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-569"
      }
    ],
    "trust": 0.8
  }
}

VAR-201412-0411

Vulnerability from variot - Updated: 2023-12-18 12:30

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. This vulnerability is different from CVE-2014-8513 and CVE-2014-8514. The details of this issue may become clear in the future based on information provided by researchers. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MetaDraw ActiveX control's ArrangeObjects method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is thermal calculation software from Schneider Electric, France. Note that this text is merged from several sources, which state the affected range differently ("before 6.1.7" versus "6.0.1 and prior"); the affected_products data in the record lists both.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0411",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proclima",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.1.7"
      },
      {
        "model": "proclima",
        "scope": null,
        "trust": 0.7,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric proclima",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "6.0.1"
      },
      {
        "model": "proclima",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "6.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "proclima",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-573"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider_electric:proclima:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9188"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrea Micalizzi (rgod)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-005"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-9188",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2014-9188",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-9188",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-09022",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-77133",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-9188",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-9188",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-09022",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-573",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-77133",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-9188",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77133"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9188"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-573"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers. This vulnerability is different from CVE-2014-8513 and CVE-2014-8514. The details of this issue may become clear in the future based on information provided by researchers. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MetaDraw ActiveX control\u0027s ArrangeObjects method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. \nProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9188"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      },
      {
        "db": "BID",
        "id": "71713"
      },
      {
        "db": "IVD",
        "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77133"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9188"
      }
    ],
    "trust": 3.42
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-9188",
        "trust": 4.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-350-01",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "71713",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-573",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09022",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007424",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2524",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-005",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "AE18D5CA-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-77133",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9188",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77133"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9188"
      },
      {
        "db": "BID",
        "id": "71713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-573"
      }
    ]
  },
  "id": "VAR-201412-0411",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77133"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:30:28.941000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ProClima Software Vulnerability Disclosure",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
      },
      {
        "title": "Schneider Electric has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
      },
      {
        "title": "Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09022)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/52961"
      },
      {
        "title": "ProClima_v6.1.8_setup",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53033"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-573"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77133"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9188"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-350-01"
      },
      {
        "trust": 1.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9188"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9188"
      },
      {
        "trust": 0.7,
        "url": "http://www.securityfocus.com/bid/71713"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36781"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77133"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9188"
      },
      {
        "db": "BID",
        "id": "71713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-573"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77133"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9188"
      },
      {
        "db": "BID",
        "id": "71713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-573"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-19T00:00:00",
        "db": "IVD",
        "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-01-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-005"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-77133"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9188"
      },
      {
        "date": "2014-12-10T00:00:00",
        "db": "BID",
        "id": "71713"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      },
      {
        "date": "2014-12-27T15:59:04.887000",
        "db": "NVD",
        "id": "CVE-2014-9188"
      },
      {
        "date": "2014-12-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-573"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-005"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09022"
      },
      {
        "date": "2014-12-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-77133"
      },
      {
        "date": "2014-12-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9188"
      },
      {
        "date": "2015-01-12T00:02:00",
        "db": "BID",
        "id": "71713"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      },
      {
        "date": "2014-12-29T23:15:03.177000",
        "db": "NVD",
        "id": "CVE-2014-9188"
      },
      {
        "date": "2015-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-573"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-573"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow vulnerability in the ActiveX control in MDraw30.ocx in Schneider Electric ProClima",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007424"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "ae18d5ca-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-573"
      }
    ],
    "trust": 0.8
  }
}

CVE-2014-9188 (GCVE-0-2014-9188)

Vulnerability from cvelistv5 – Published: 2014-12-27 15:00 – Updated: 2025-07-24 22:39
Summary
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.
Severity ?
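No CVSS data is shown in this summary view; the CNA record below carries a CVSS v2.0 metric with base score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C).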
CWE
Assigner
Impacted products
Vendor Product Version
Schneider Electric ProClima Affected: 0 , ≤ 6.0.1 (custom)
Credits
This vulnerability was reported to ZDI by security researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:23.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ProClima",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "6.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability was reported to ZDI by security researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc."
        }
      ],
      "datePublic": "2014-12-10T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eBuffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers.\u003c/p\u003e"
            }
          ],
          "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T22:39:42.287Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-350-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric has released an updated version of the ProClima \nsoftware, Version 6.1.7, which mitigates these vulnerabilities. \nCustomers are encouraged to download the new version and update their \ninstallations. It is important that customers first uninstall the \ncurrent version. The new version can be downloaded from Schneider \nElectric\u2019s web site at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/ww/en/download/document/ProClima_software\"\u003ehttp://www.schneider-electric.com/ww/en/download/document/ProClima_software\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFor further information on these vulnerabilities, please see \nSchneider Electric\u2019s security notification (SEVD 2014-344-01) at \nSchneider Electric\u2019s cybersecurity web page:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page%20\"\u003ehttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric has released an updated version of the ProClima \nsoftware, Version 6.1.7, which mitigates these vulnerabilities. \nCustomers are encouraged to download the new version and update their \ninstallations. It is important that customers first uninstall the \ncurrent version. The new version can be downloaded from Schneider \nElectric\u2019s web site at the following location:\n\n\n http://www.schneider-electric.com/ww/en/download/document/ProClima_software \n\n\nFor further information on these vulnerabilities, please see \nSchneider Electric\u2019s security notification (SEVD 2014-344-01) at \nSchneider Electric\u2019s cybersecurity web page:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page%20"
        }
      ],
      "source": {
        "advisory": "ICSA-14-350-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric ProClima Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9188",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-9188",
    "datePublished": "2014-12-27T15:00:00",
    "dateReserved": "2014-12-02T00:00:00",
    "dateUpdated": "2025-07-24T22:39:42.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9188 (GCVE-0-2014-9188)

Vulnerability from nvd – Published: 2014-12-27 15:00 – Updated: 2025-07-24 22:39
Summary
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.
Severity ?
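No CVSS v3.x/v4.0 data available; the CNA record below lists only a CVSS v2.0 base score of 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C).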
CWE
Assigner
Impacted products
Vendor Product Version
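Schneider Electric ProClima Affected: 0, ≤ 6.0.1 (custom). Note: the summary above and the vendor solution in the record below both name 6.1.7 as the fixed version, so this structured range is narrower than the description; when checking an installation, compare against 6.1.7.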
Credits
This vulnerability was reported to ZDI by security researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:23.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ProClima",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "6.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability was reported to ZDI by security researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc."
        }
      ],
      "datePublic": "2014-12-10T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eBuffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers.\u003c/p\u003e"
            }
          ],
          "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T22:39:42.287Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-350-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric has released an updated version of the ProClima \nsoftware, Version 6.1.7, which mitigates these vulnerabilities. \nCustomers are encouraged to download the new version and update their \ninstallations. It is important that customers first uninstall the \ncurrent version. The new version can be downloaded from Schneider \nElectric\u2019s web site at the following location:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/ww/en/download/document/ProClima_software\"\u003ehttp://www.schneider-electric.com/ww/en/download/document/ProClima_software\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFor further information on these vulnerabilities, please see \nSchneider Electric\u2019s security notification (SEVD 2014-344-01) at \nSchneider Electric\u2019s cybersecurity web page:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page%20\"\u003ehttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric has released an updated version of the ProClima \nsoftware, Version 6.1.7, which mitigates these vulnerabilities. \nCustomers are encouraged to download the new version and update their \ninstallations. It is important that customers first uninstall the \ncurrent version. The new version can be downloaded from Schneider \nElectric\u2019s web site at the following location:\n\n\n http://www.schneider-electric.com/ww/en/download/document/ProClima_software \n\n\nFor further information on these vulnerabilities, please see \nSchneider Electric\u2019s security notification (SEVD 2014-344-01) at \nSchneider Electric\u2019s cybersecurity web page:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page%20"
        }
      ],
      "source": {
        "advisory": "ICSA-14-350-01",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric ProClima Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9188",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.  NOTE: this may be clarified later based on details provided by researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-9188",
    "datePublished": "2014-12-27T15:00:00",
    "dateReserved": "2014-12-02T00:00:00",
    "dateUpdated": "2025-07-24T22:39:42.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}