Lucene search

[email protected]CVE-2015-7918

HistoryDec 15, 2015 - 5:59 a.m.

CVE-2015-7918

2015-12-1505:59:08

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-7918

buffer overflow

f1bookview

activex control

schneider electric proclima

remote code execution

vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.443 Medium

EPSS

Percentile

97.4%

JSON

Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.

Affected configurations

NVD

Node

schneider-electricproclimaRange≤6.1

CPENameOperatorVersion
schneider-electric:proclimaschneider-electric proclimale6.1

CPE	Name	Operator	Version
schneider-electric:proclima	schneider-electric proclima	le	6.1

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-329-01

www.zerodayinitiative.com/advisories/ZDI-15-625

www.zerodayinitiative.com/advisories/ZDI-15-630

www.zerodayinitiative.com/advisories/ZDI-15-631

www.zerodayinitiative.com/advisories/ZDI-15-632

www.zerodayinitiative.com/advisories/ZDI-15-633

www.zerodayinitiative.com/advisories/ZDI-15-634

www.zerodayinitiative.com/advisories/ZDI-15-635

ics-cert.us-cert.gov/advisories/ICSA-15-335-02

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.443 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2015-7918

checkpoint_advisories1 cvelist2 nvd2 prion2 cve1 ics1 zdi11