Proclima
CVE-2015-7918
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.
AnalysisAI
Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 11.2% and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. Affected products include: Schneider-Electric Proclima. Version information: before 6.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers t
A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthen
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an una
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers t
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which
The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execu
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today