Details of VAR-201412-0411

ID

VAR-201412-0411

CVE

CVE-2014-9188

TITLE

Schneider Electric ProClima of MDraw30.ocx of ActiveX Control buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007424

DESCRIPTION

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. This vulnerability CVE-2014-8513 and CVE-2014-8514 Is a different vulnerability. The details of this issue may become clear in the future based on information provided by researchers.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the MetaDraw ActiveX control's ArrangeObjects method. The control dereferences an attacker-supplied memory address and redirects execution flow to the resulting address. An attacker can exploit this condition to achieve code execution under the context of the browser process. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Failed exploit attempts will likely result in denial-of-service conditions. ProClima 6.0.1 and prior are vulnerable. Schneider Electric ProClima is a set of thermal calculation software from Schneider Electric, France

Trust: 3.42

sources: NVD: CVE-2014-9188 // JVNDB: JVNDB-2014-007424 // ZDI: ZDI-15-005 // CNVD: CNVD-2014-09022 // BID: 71713 // IVD: ae18d5ca-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-77133 // VULMON: CVE-2014-9188

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: ae18d5ca-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-09022

AFFECTED PRODUCTS

vendor:	schneider electric	model:	proclima	scope:	lte	version:	6.0.1	Trust: 1.0
vendor:	schneider electric	model:	proclima	scope:	lt	version:	6.1.7	Trust: 0.8
vendor:	schneider electric	model:	proclima	scope:	-	version:	-	Trust: 0.7
vendor:	schneider	model:	electric proclima	scope:	lt	version:	6.0.1	Trust: 0.6
vendor:	schneider electric	model:	proclima	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	proclima	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: ae18d5ca-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-005 // CNVD: CNVD-2014-09022 // JVNDB: JVNDB-2014-007424 // CNNVD: CNNVD-201412-573 // NVD: CVE-2014-9188

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-9188
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2014-9188
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9188
value:	HIGH
Trust: 0.8
ZDI:	CVE-2014-9188
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2014-09022
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201412-573
value:	CRITICAL
Trust: 0.6
IVD:	ae18d5ca-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-77133
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-9188
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-9188
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
ics-cert@hq.dhs.gov:	CVE-2014-9188
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
ZDI:	CVE-2014-9188
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2014-09022
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	ae18d5ca-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-77133
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: ae18d5ca-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-005 // CNVD: CNVD-2014-09022 // VULHUB: VHN-77133 // VULMON: CVE-2014-9188 // JVNDB: JVNDB-2014-007424 // CNNVD: CNNVD-201412-573 // NVD: CVE-2014-9188 // NVD: CVE-2014-9188

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-77	Trust: 1.0

sources: VULHUB: VHN-77133 // JVNDB: JVNDB-2014-007424 // NVD: CVE-2014-9188

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-573

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: ae18d5ca-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201412-573

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007424

PATCH

title:	ProClima Software Vulnerability Disclosure	url:	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01	Trust: 0.8
title:	Schneider Electric has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01	Trust: 0.7
title:	Patch for Schneider Electric ProClima Remote Buffer Overflow Vulnerability (CNVD-2014-09022)	url:	https://www.cnvd.org.cn/patchInfo/show/52961	Trust: 0.6
title:	ProClima_v6.1.8_setup	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53033	Trust: 0.6

sources: ZDI: ZDI-15-005 // CNVD: CNVD-2014-09022 // JVNDB: JVNDB-2014-007424 // CNNVD: CNNVD-201412-573

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9188	Trust: 4.4
db:	ICS CERT	id:	ICSA-14-350-01	Trust: 2.6
db:	BID	id:	71713	Trust: 1.1
db:	CNNVD	id:	CNNVD-201412-573	Trust: 0.9
db:	CNVD	id:	CNVD-2014-09022	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-007424	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2524	Trust: 0.7
db:	ZDI	id:	ZDI-15-005	Trust: 0.7
db:	IVD	id:	AE18D5CA-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-77133	Trust: 0.1
db:	VULMON	id:	CVE-2014-9188	Trust: 0.1

sources: IVD: ae18d5ca-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-005 // CNVD: CNVD-2014-09022 // VULHUB: VHN-77133 // VULMON: CVE-2014-9188 // BID: 71713 // JVNDB: JVNDB-2014-007424 // CNNVD: CNNVD-201412-573 // NVD: CVE-2014-9188

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-14-350-01	Trust: 3.4
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-344-01	Trust: 1.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-350-01	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9188	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9188	Trust: 0.8
url:	http://www.securityfocus.com/bid/71713	Trust: 0.7
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=36781	Trust: 0.1

sources: ZDI: ZDI-15-005 // CNVD: CNVD-2014-09022 // VULHUB: VHN-77133 // VULMON: CVE-2014-9188 // BID: 71713 // JVNDB: JVNDB-2014-007424 // CNNVD: CNNVD-201412-573 // NVD: CVE-2014-9188

CREDITS

Andrea Micalizzi (rgod)

Trust: 0.7

sources: ZDI: ZDI-15-005

SOURCES

db:	IVD	id:	ae18d5ca-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-15-005
db:	CNVD	id:	CNVD-2014-09022
db:	VULHUB	id:	VHN-77133
db:	VULMON	id:	CVE-2014-9188
db:	BID	id:	71713
db:	JVNDB	id:	JVNDB-2014-007424
db:	CNNVD	id:	CNNVD-201412-573
db:	NVD	id:	CVE-2014-9188

LAST UPDATE DATE

2025-07-26T23:05:10.289000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-005	date:	2015-01-07T00:00:00
db:	CNVD	id:	CNVD-2014-09022	date:	2014-12-19T00:00:00
db:	VULHUB	id:	VHN-77133	date:	2014-12-29T00:00:00
db:	VULMON	id:	CVE-2014-9188	date:	2014-12-29T00:00:00
db:	BID	id:	71713	date:	2015-01-12T00:02:00
db:	JVNDB	id:	JVNDB-2014-007424	date:	2015-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201412-573	date:	2015-01-04T00:00:00
db:	NVD	id:	CVE-2014-9188	date:	2025-07-24T23:15:24.770

SOURCES RELEASE DATE

db:	IVD	id:	ae18d5ca-2351-11e6-abef-000c29c66e3d	date:	2014-12-19T00:00:00
db:	ZDI	id:	ZDI-15-005	date:	2015-01-07T00:00:00
db:	CNVD	id:	CNVD-2014-09022	date:	2014-12-19T00:00:00
db:	VULHUB	id:	VHN-77133	date:	2014-12-27T00:00:00
db:	VULMON	id:	CVE-2014-9188	date:	2014-12-27T00:00:00
db:	BID	id:	71713	date:	2014-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-007424	date:	2015-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201412-573	date:	2014-12-27T00:00:00
db:	NVD	id:	CVE-2014-9188	date:	2014-12-27T15:59:04.887