Lucene search

[email protected]CVE-2015-8561

HistoryOct 03, 2022 - 4:16 p.m.

CVE-2015-8561

2022-10-0316:16:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

schneider electric proclima

activex

remote code execution

denial of service

memory corruption

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.443 Medium

EPSS

Percentile

97.4%

JSON

The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918.

Affected configurations

NVD

Node

schneider-electricproclimaRange≤6.1

CPENameOperatorVersion
schneider-electric:proclimaschneider-electric proclimale6.1

CPE	Name	Operator	Version
schneider-electric:proclima	schneider-electric proclima	le	6.1

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-329-01

www.zerodayinitiative.com/advisories/ZDI-15-626

www.zerodayinitiative.com/advisories/ZDI-15-627

www.zerodayinitiative.com/advisories/ZDI-15-628

www.zerodayinitiative.com/advisories/ZDI-15-629

ics-cert.us-cert.gov/advisories/ICSA-15-335-02

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.443 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2015-8561

checkpoint_advisories1 cvelist2 nvd2 cve1 prion2 zdi11 ics1