Sign-up

ID

VAR-201503-0071


CVE

CVE-2015-0982


TITLE

Schneider Electric Pelco DS-NVs of DLL Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2015-001829

DESCRIPTION

Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Rvctl.RVControl.1 ActiveX Control in rvctl.dll. The control does not check the length of an attacker-supplied string in the SetText method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. Schneider Electric Pelco DS-NVs is a set of IP video management software from Schneider Electric of France. Schneider Electric DS-NVs are prone to a stack buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it into a fixed-size buffer. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 3.15

sources: NVD: CVE-2015-0982 // JVNDB: JVNDB-2015-001829 // ZDI: ZDI-15-090 // CNVD: CNVD-2015-01794 // BID: 73096 // VULHUB: VHN-78928

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-01794

AFFECTED PRODUCTS

vendor:schneider electricmodel:pelco ds-nvscope:ltversion:7.8.90

Trust: 1.0

vendor:schneider electricmodel:pelco ds-nvsscope:ltversion:7.8.90

Trust: 0.8

vendor:schneider electricmodel:ds-nvsscope: - version: -

Trust: 0.7

vendor:schneidermodel:electric pelco ds-nvsscope:ltversion:7.8.90

Trust: 0.6

vendor:schneider electricmodel:pelco ds-nvscope:eqversion:7.6.32

Trust: 0.6

sources: ZDI: ZDI-15-090 // CNVD: CNVD-2015-01794 // JVNDB: JVNDB-2015-001829 // CNNVD: CNNVD-201503-332 // NVD: CVE-2015-0982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0982
value: HIGH

Trust: 1.0

NVD: CVE-2015-0982
value: HIGH

Trust: 0.8

ZDI: CVE-2015-0982
value: HIGH

Trust: 0.7

CNVD: CNVD-2015-01794
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201503-332
value: HIGH

Trust: 0.6

VULHUB: VHN-78928
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-0982
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

CNVD: CNVD-2015-01794
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78928
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-15-090 // CNVD: CNVD-2015-01794 // VULHUB: VHN-78928 // JVNDB: JVNDB-2015-001829 // CNNVD: CNNVD-201503-332 // NVD: CVE-2015-0982

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-78928 // JVNDB: JVNDB-2015-001829 // NVD: CVE-2015-0982

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-332

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201503-332

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001829

PATCH
title:Pelco DS-NVs Video Management Software Vulnerabilityurl:http://download.schneider-electric.com/files?p_File_Id=755516404&p_File_Name=SEVD-2015-065-01+Pelco+DS-NVs+Video+Mgmt+SW.pdf
Trust: 0.8
title:Schneider Electric has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-15-071-01
Trust: 0.7
title:Patch for Schneider Electric Pelco DS-NVs Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/56335
Trust: 0.6
title:DS Installer 7.8.90url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54442
Trust: 0.6
sources:
            
            
            ZDI: ZDI-15-090 // 
            
            
            
            CNVD: CNVD-2015-01794 // 
            
            
            
            JVNDB: JVNDB-2015-001829 // 
            
            
            
            CNNVD: CNNVD-201503-332

EXTERNAL IDS
db:NVDid:CVE-2015-0982
Trust: 4.1
db:ICS CERTid:ICSA-15-071-01
Trust: 2.5
db:SCHNEIDERid:SEVD-2015-065-01
Trust: 2.3
db:BIDid:73096
Trust: 1.0
db:JVNDBid:JVNDB-2015-001829
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2341
Trust: 0.7
db:ZDIid:ZDI-15-090
Trust: 0.7
db:CNNVDid:CNNVD-201503-332
Trust: 0.7
db:CNVDid:CNVD-2015-01794
Trust: 0.6
db:VULHUBid:VHN-78928
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-090 // 
            
            
            
            CNVD: CNVD-2015-01794 // 
            
            
            
            VULHUB: VHN-78928 // 
            
            
            
            BID: 73096 // 
            
            
            
            JVNDB: JVNDB-2015-001829 // 
            
            
            
            CNNVD: CNNVD-201503-332 // 
            
            
            
            NVD: CVE-2015-0982

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-071-01
Trust: 3.2
url:http://download.schneider-electric.com/files?p_file_id=755516404&p_file_name=sevd-2015-065-01+pelco+ds-nvs+video+mgmt+sw.pdf
Trust: 2.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0982
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0982
Trust: 0.8
url:http://download.schneider-electric.com/files?p_file_id=755516404&p_file_name=sevd-2015-065-01+pelco+ds-nvs+video+mgmt+sw.pdf
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-090 // 
            
            
            
            CNVD: CNVD-2015-01794 // 
            
            
            
            VULHUB: VHN-78928 // 
            
            
            
            JVNDB: JVNDB-2015-001829 // 
            
            
            
            CNNVD: CNNVD-201503-332 // 
            
            
            
            NVD: CVE-2015-0982

CREDITS
Ariele Caltabiano (kimiya) and Andrea Micalizzi (rgod)
Trust: 1.0
sources:
            
            
            ZDI: ZDI-15-090 // 
            
            
            
            BID: 73096

SOURCES
db:ZDIid:ZDI-15-090
db:CNVDid:CNVD-2015-01794
db:VULHUBid:VHN-78928
db:BIDid:73096
db:JVNDBid:JVNDB-2015-001829
db:CNNVDid:CNNVD-201503-332
db:NVDid:CVE-2015-0982

LAST UPDATE DATE
2025-04-12T23:34:03.805000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-15-090date:2015-03-12T00:00:00
db:CNVDid:CNVD-2015-01794date:2015-03-18T00:00:00
db:VULHUBid:VHN-78928date:2015-03-16T00:00:00
db:BIDid:73096date:2015-03-13T00:00:00
db:JVNDBid:JVNDB-2015-001829date:2015-03-17T00:00:00
db:CNNVDid:CNNVD-201503-332date:2022-02-07T00:00:00
db:NVDid:CVE-2015-0982date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:ZDIid:ZDI-15-090date:2015-03-12T00:00:00
db:CNVDid:CNVD-2015-01794date:2015-03-18T00:00:00
db:VULHUBid:VHN-78928date:2015-03-14T00:00:00
db:BIDid:73096date:2015-03-13T00:00:00
db:JVNDBid:JVNDB-2015-001829date:2015-03-17T00:00:00
db:CNNVDid:CNNVD-201503-332date:2015-03-16T00:00:00
db:NVDid:CVE-2015-0982date:2015-03-14T01:59:14.657