Details of VAR-201506-0066

ID

VAR-201506-0066

CVE

CVE-2015-1000

TITLE

Moxa SoftCMS of RTSPVIDEO.rtspvideoCtrl.1 ActiveX Stack-based buffer overflow vulnerability in Control

Trust: 0.8

sources: JVNDB: JVNDB-2015-002947

DESCRIPTION

Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the RTSPVIDEO.rtspvideoCtrl.1 ActiveX control. By passing an overly long string to the OpenForIPCamTest method's StrRtspPath parameter, an attacker can overflow a buffer on the stack. This vulnerability could be used to execute arbitrary code in the context of the browser. Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. Moxa SoftCMS is prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will result in denial-of-service conditions. Moxa SoftCMS 1.2 is vulnerable

Trust: 3.78

sources: NVD: CVE-2015-1000 // JVNDB: JVNDB-2015-002947 // ZDI: ZDI-15-120 // ZDI: ZDI-15-391 // CNVD: CNVD-2015-02382 // BID: 74966 // VULHUB: VHN-78946

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02382

AFFECTED PRODUCTS

vendor:	moxa	model:	softcms	scope:	-	version:	-	Trust: 1.3
vendor:	moxa	model:	softcms	scope:	lte	version:	1.2	Trust: 1.0
vendor:	moxa	model:	softcms	scope:	eq	version:	1.2	Trust: 0.9
vendor:	moxa	model:	softcms	scope:	lt	version:	1.3	Trust: 0.8
vendor:	moxa	model:	vport activex sdk plus	scope:	-	version:	-	Trust: 0.7
vendor:	moxa	model:	softcms	scope:	ne	version:	1.3	Trust: 0.3

sources: ZDI: ZDI-15-120 // ZDI: ZDI-15-391 // CNVD: CNVD-2015-02382 // BID: 74966 // JVNDB: JVNDB-2015-002947 // CNNVD: CNNVD-201504-107 // NVD: CVE-2015-1000

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2015-1000
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2015-1000
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-1000
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-02382
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201504-107
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78946
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-1000
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2015-1000
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.4
CNVD:	CNVD-2015-02382
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78946
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-15-120 // ZDI: ZDI-15-391 // CNVD: CNVD-2015-02382 // VULHUB: VHN-78946 // JVNDB: JVNDB-2015-002947 // CNNVD: CNNVD-201504-107 // NVD: CVE-2015-1000

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-78946 // JVNDB: JVNDB-2015-002947 // NVD: CVE-2015-1000

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-107

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201504-107

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002947

PATCH

title:	SoftCMS	url:	http://www.moxa.com/product/SoftCMS.htm	Trust: 0.8
title:	Moxa has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-15-097-01	Trust: 0.7
title:	Moxa has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-15-153-02	Trust: 0.7
title:	Patch for Moxa SoftCMS RTSPVIDEO.rtspvideoCtrl.1 ActiveX Stack Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/57249	Trust: 0.6
title:	SoftCMS_Trial	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56137	Trust: 0.6

sources: ZDI: ZDI-15-120 // ZDI: ZDI-15-391 // CNVD: CNVD-2015-02382 // JVNDB: JVNDB-2015-002947 // CNNVD: CNNVD-201504-107

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1000	Trust: 4.8
db:	ZDI	id:	ZDI-15-120	Trust: 3.0
db:	ICS CERT	id:	ICSA-15-153-02	Trust: 2.5
db:	BID	id:	74966	Trust: 2.0
db:	JVNDB	id:	JVNDB-2015-002947	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2519	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2496	Trust: 0.7
db:	ZDI	id:	ZDI-15-391	Trust: 0.7
db:	CNNVD	id:	CNNVD-201504-107	Trust: 0.7
db:	CNVD	id:	CNVD-2015-02382	Trust: 0.6
db:	VULHUB	id:	VHN-78946	Trust: 0.1

sources: ZDI: ZDI-15-120 // ZDI: ZDI-15-391 // CNVD: CNVD-2015-02382 // VULHUB: VHN-78946 // BID: 74966 // JVNDB: JVNDB-2015-002947 // CNNVD: CNNVD-201504-107 // NVD: CVE-2015-1000

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-153-02	Trust: 3.2
url:	http://zerodayinitiative.com/advisories/zdi-15-120/	Trust: 1.7
url:	http://www.securityfocus.com/bid/74966	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1000	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1000	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-097-01	Trust: 0.7
url:	http://www.zerodayinitiative.com/advisories/zdi-15-120	Trust: 0.6

sources: ZDI: ZDI-15-120 // ZDI: ZDI-15-391 // CNVD: CNVD-2015-02382 // VULHUB: VHN-78946 // JVNDB: JVNDB-2015-002947 // CNNVD: CNNVD-201504-107 // NVD: CVE-2015-1000

CREDITS

Ariele Caltabiano (kimiya)

Trust: 2.0

sources: ZDI: ZDI-15-120 // ZDI: ZDI-15-391 // CNNVD: CNNVD-201504-107

SOURCES

db:	ZDI	id:	ZDI-15-120
db:	ZDI	id:	ZDI-15-391
db:	CNVD	id:	CNVD-2015-02382
db:	VULHUB	id:	VHN-78946
db:	BID	id:	74966
db:	JVNDB	id:	JVNDB-2015-002947
db:	CNNVD	id:	CNNVD-201504-107
db:	NVD	id:	CVE-2015-1000

LAST UPDATE DATE

2025-04-13T23:25:14.077000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-120	date:	2015-04-08T00:00:00
db:	ZDI	id:	ZDI-15-391	date:	2015-08-13T00:00:00
db:	CNVD	id:	CNVD-2015-02382	date:	2015-04-14T00:00:00
db:	VULHUB	id:	VHN-78946	date:	2016-11-28T00:00:00
db:	BID	id:	74966	date:	2015-11-03T19:03:00
db:	JVNDB	id:	JVNDB-2015-002947	date:	2015-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201504-107	date:	2015-06-08T00:00:00
db:	NVD	id:	CVE-2015-1000	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-15-120	date:	2015-04-08T00:00:00
db:	ZDI	id:	ZDI-15-391	date:	2015-08-13T00:00:00
db:	CNVD	id:	CNVD-2015-02382	date:	2015-04-14T00:00:00
db:	VULHUB	id:	VHN-78946	date:	2015-06-05T00:00:00
db:	BID	id:	74966	date:	2015-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-002947	date:	2015-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201504-107	date:	2015-04-10T00:00:00
db:	NVD	id:	CVE-2015-1000	date:	2015-06-05T10:59:02.287