PT-2015-7663 · Unitronics+1 · Unitronics Visilogic Oplc Ide+2

Andrea Micalizzi

Publicado

2015-11-13

Atualizado

2017-01-12

CVE-2015-7905

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Unitronics VisiLogic OPLC IDE versions prior to 9.8.02 Unitronics UniDownloader (affected versions not specified)

Description The issue allows remote attackers to execute unspecified code. It involves the IPWorksSSL.HTTPS.1 ActiveX Control, where properties such as WinSockPath, PostDataB, FirewallDataB, and SSLCertHandle are vulnerable to remote code execution.

Recommendations For Unitronics VisiLogic OPLC IDE versions prior to 9.8.02, update to version 9.8.02 or later. For Unitronics UniDownloader, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2015-7905

ZDI-15-574

ZDI-15-575

ZDI-15-576

Produtos afetados

Ipworksssl.Https.1 Activex Control

Unitronics Unidownloader

Unitronics Visilogic Oplc Ide

PT-2015-7663 · Unitronics+1 · Unitronics Visilogic Oplc Ide+2

CVE-2015-7905

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9