PT-2015-7806 · Schneider Electric · Proclima

Ariele Caltabiano

Publicado

2015-12-08

Atualizado

2015-12-16

CVE-2015-8561

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Schneider Electric ProClima versions prior to 6.2

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This can be achieved by providing a crafted integer value to certain methods in the F1BookView ActiveX control, including the AttachToSS, CopyAll, CopyRange, CopyRangeEx, or SwapTable method.

Recommendations For versions prior to 6.2, update to version 6.2 or later to resolve the issue. As a temporary workaround, consider disabling the AttachToSS, CopyAll, CopyRange, CopyRangeEx, and SwapTable methods in the F1BookView ActiveX control until a patch is available.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2015-8561

ZDI-15-626

ZDI-15-627

ZDI-15-628

ZDI-15-629

Produtos afetados

Proclima

PT-2015-7806 · Schneider Electric · Proclima

CVE-2015-8561

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11