mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
119 lines
3.7 KiB
JSON
119 lines
3.7 KiB
JSON
{
|
|
"id": "CVE-2015-7918",
|
|
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
|
"published": "2015-12-15T05:59:08.857",
|
|
"lastModified": "2015-12-16T13:21:54.250",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "M\u00faltiples desbordamientos de buffer en el control F1BookView ActiveX en F1 Bookview en Schneider Electric ProClima en versiones anteriores a 6.2 permite atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del m\u00e9todo (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx o (7) SetValidationRule, una vulnerabilidad diferente a CVE-2015-8561."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 6.8
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-119"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "6.1",
|
|
"matchCriteriaId": "12DFD1A6-BDB8-4864-A3E3-1CBF1609C17B"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-329-01",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-625",
|
|
"source": "ics-cert@hq.dhs.gov"
|
|
},
|
|
{
|
|
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-630",
|
|
"source": "ics-cert@hq.dhs.gov"
|
|
},
|
|
{
|
|
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-631",
|
|
"source": "ics-cert@hq.dhs.gov"
|
|
},
|
|
{
|
|
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-632",
|
|
"source": "ics-cert@hq.dhs.gov"
|
|
},
|
|
{
|
|
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-633",
|
|
"source": "ics-cert@hq.dhs.gov"
|
|
},
|
|
{
|
|
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-634",
|
|
"source": "ics-cert@hq.dhs.gov"
|
|
},
|
|
{
|
|
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-635",
|
|
"source": "ics-cert@hq.dhs.gov"
|
|
},
|
|
{
|
|
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-335-02",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
}
|
|
]
|
|
} |