Lucene search

[email protected]CVE-2014-8512

HistoryDec 27, 2014 - 3:59 p.m.

CVE-2014-8512

2014-12-2715:59:01

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-8512

buffer overflow

activex control

schneider electric

proclima

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.399 Low

EPSS

Percentile

97.3%

JSON

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers.

Affected configurations

NVD

Node

schneider_electricproclimaRange≤6.0.1

CPENameOperatorVersion
schneider_electric:proclimaschneider electric proclimale6.0.1

CPE	Name	Operator	Version
schneider_electric:proclima	schneider electric proclima	le	6.0.1

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01

ics-cert.us-cert.gov/advisories/ICSA-14-350-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.399 Low

EPSS

Percentile

97.3%

JSON

Related for CVE-2014-8512

prion2 cve1 cvelist2 nvd2 zdi2 ics1 checkpoint_advisories1