Lucene search

[email protected]CVE-2015-7939

HistoryJan 09, 2016 - 2:59 a.m.

CVE-2015-7939

2016-01-0902:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

2015

7939

buffer overflow

unitronics

visilogic

oplc

ide

nvd

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.276 Low

EPSS

Percentile

96.8%

JSON

Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.

CPENameOperatorVersion
unitronics:visilogic_oplc_ideunitronics visilogic oplc idele9.8.0.00

CPE	Name	Operator	Version
unitronics:visilogic_oplc_ide	unitronics visilogic oplc ide	le	9.8.0.00

References

www.zerodayinitiative.com/advisories/ZDI-16-001

ics-cert.us-cert.gov/advisories/ICSA-15-274-02A

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.276 Low

EPSS

Percentile

96.8%

JSON

Related for CVE-2015-7939

checkpoint_advisories1 prion1 cvelist1 zdi1 ics1