Lucene search

[email protected]CVE-2014-8513

HistoryDec 27, 2014 - 3:59 p.m.

CVE-2014-8513

2014-12-2715:59:02

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-8513

buffer overflow

mdraw30.ocx

schneider electric proclima

remote code execution

activex control

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.27 Low

EPSS

Percentile

96.8%

JSON

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.

Affected configurations

NVD

Node

schneider_electricproclimaRange≤6.0.1

CPENameOperatorVersion
schneider_electric:proclimaschneider electric proclimale6.0.1

CPE	Name	Operator	Version
schneider_electric:proclima	schneider electric proclima	le	6.0.1

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01

ics-cert.us-cert.gov/advisories/ICSA-14-350-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.27 Low

EPSS

Percentile

96.8%

JSON

Related for CVE-2014-8513

prion3 cve2 nvd3 cvelist3 ics1 zdi3 checkpoint_advisories1