Lucene search

[email protected]CVE-2014-9188

HistoryDec 27, 2014 - 3:59 p.m.

CVE-2014-9188

2014-12-2715:59:04

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-9188

buffer overflow

activex control

schneider electric proclima

remote code execution

security vulnerability

nvd

7.9 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:C/I:P/A:P

0.27 Low

EPSS

Percentile

96.8%

JSON

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.

Affected configurations

NVD

Node

schneider_electricproclimaRange≤6.0.1

CPENameOperatorVersion
schneider_electric:proclimaschneider electric proclimale6.0.1

CPE	Name	Operator	Version
schneider_electric:proclima	schneider electric proclima	le	6.0.1

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01

ics-cert.us-cert.gov/advisories/ICSA-14-350-01

7.9 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:C/I:P/A:P

0.27 Low

EPSS

Percentile

96.8%

JSON

Related for CVE-2014-9188

cvelist3 cve2 nvd3 prion3 checkpoint_advisories1 zdi3 ics1