Details of VAR-201511-0016

ID

VAR-201511-0016

CVE

CVE-2015-7905

TITLE

Unitronics VisiLogic OPLC IDE Code injection vulnerability

Trust: 1.4

sources: IVD: 6d539d54-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07636 // CNNVD: CNNVD-201511-245

DESCRIPTION

Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within implementation of the WinSockPath property of the HTTPS ActiveX control. The control passes this property as the URL for a DLL to the LoadLibraryA API, which will automatically execute DllMain in the DLL. This can be leveraged by an attacker for remote code execution in the context of the process. A crafted value can cause system software to treat arbitrary memory as a certificate structure which is then modified. Unitronics VisiLogic OPLC IDE is Unitronics' suite of human machine interface (HMI) and PLC application programming environments for SAMBA series controllers. A security vulnerability exists in Unitronics VisiLogic OPLC IDE 9.8.0.0 and earlier. Unitronics VisiLogic is prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The affected ActiveX control is identified by CLSID: 3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A. Note: This issue was previously titled 'Unitronics VisiLogic ActiveX Control Security Bypass and Arbitrary Code Injection Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected. Unitronics VisiLogic 9.8.0.00 and prior versions are vulnerable

Trust: 4.5

sources: NVD: CVE-2015-7905 // JVNDB: JVNDB-2015-005913 // ZDI: ZDI-15-576 // ZDI: ZDI-15-574 // ZDI: ZDI-15-575 // CNVD: CNVD-2015-07636 // BID: 77571 // IVD: 6d539d54-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 6d539d54-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07636

AFFECTED PRODUCTS

vendor:	unitronicsunitronics	model:	unidownloader visilogic oplc ide	scope:	-	version:	-	Trust: 1.4
vendor:	unitronics	model:	visilogic oplc ide	scope:	lte	version:	9.8.0.00	Trust: 1.0
vendor:	unitronics	model:	visilogic oplc ide	scope:	lt	version:	9.8.02	Trust: 0.8
vendor:	unitronics	model:	unidownloader	scope:	-	version:	-	Trust: 0.7
vendor:	unitronics	model:	visilogic oplc ide	scope:	lte	version:	<=9.8.0.00	Trust: 0.6
vendor:	unitronics	model:	visilogic oplc ide	scope:	eq	version:	9.8.0.00	Trust: 0.6
vendor:	visilogic oplc ide	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 6d539d54-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-576 // ZDI: ZDI-15-574 // ZDI: ZDI-15-575 // CNVD: CNVD-2015-07636 // JVNDB: JVNDB-2015-005913 // CNNVD: CNNVD-201511-245 // NVD: CVE-2015-7905

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2015-7905
value:	MEDIUM
Trust: 2.1
nvd@nist.gov:	CVE-2015-7905
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7905
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-07636
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201511-245
value:	HIGH
Trust: 0.6
IVD:	6d539d54-2351-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

ZDI:	CVE-2015-7905
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.1
nvd@nist.gov:	CVE-2015-7905
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07636
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6d539d54-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2015-005913 // NVD: CVE-2015-7905

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-245

TYPE

Code injection

Trust: 0.8

sources: IVD: 6d539d54-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201511-245

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005913

PATCH

title:	Unitronics has issued an update to correct this vulnerability. Unitronics has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02	Trust: 2.1
title:	Download -VisiLogic (Vision Series)	url:	http://www.unitronics.com/support/downloads	Trust: 0.8
title:	Patch for Unitronics VisiLogic OPLC IDE Code Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/66867	Trust: 0.6
title:	Unitronics VisiLogic OPLC IDE Fixes for code injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58734	Trust: 0.6

sources: ZDI: ZDI-15-576 // ZDI: ZDI-15-574 // ZDI: ZDI-15-575 // CNVD: CNVD-2015-07636 // JVNDB: JVNDB-2015-005913 // CNNVD: CNNVD-201511-245

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7905	Trust: 5.6
db:	ICS CERT	id:	ICSA-15-274-02	Trust: 3.0
db:	BID	id:	77571	Trust: 1.9
db:	ZDI	id:	ZDI-15-576	Trust: 1.7
db:	ZDI	id:	ZDI-15-574	Trust: 1.7
db:	ZDI	id:	ZDI-15-575	Trust: 1.7
db:	CNVD	id:	CNVD-2015-07636	Trust: 0.8
db:	CNNVD	id:	CNNVD-201511-245	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005913	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2965	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2964	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2930	Trust: 0.7
db:	IVD	id:	6D539D54-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 6d539d54-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-576 // ZDI: ZDI-15-574 // ZDI: ZDI-15-575 // CNVD: CNVD-2015-07636 // BID: 77571 // JVNDB: JVNDB-2015-005913 // CNNVD: CNNVD-201511-245 // NVD: CVE-2015-7905

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-274-02	Trust: 6.5
url:	http://www.zerodayinitiative.com/advisories/zdi-15-575	Trust: 1.0
url:	http://www.securityfocus.com/bid/77571	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-15-576	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-15-574	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7905	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7905	Trust: 0.8
url:	http://support.microsoft.com/kb/240797	Trust: 0.3

sources: ZDI: ZDI-15-576 // ZDI: ZDI-15-574 // ZDI: ZDI-15-575 // CNVD: CNVD-2015-07636 // BID: 77571 // JVNDB: JVNDB-2015-005913 // CNNVD: CNNVD-201511-245 // NVD: CVE-2015-7905

CREDITS

Andrea Micalizzi (rgod)

Trust: 2.1

sources: ZDI: ZDI-15-576 // ZDI: ZDI-15-574 // ZDI: ZDI-15-575

SOURCES

db:	IVD	id:	6d539d54-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-15-576
db:	ZDI	id:	ZDI-15-574
db:	ZDI	id:	ZDI-15-575
db:	CNVD	id:	CNVD-2015-07636
db:	BID	id:	77571
db:	JVNDB	id:	JVNDB-2015-005913
db:	CNNVD	id:	CNNVD-201511-245
db:	NVD	id:	CVE-2015-7905

LAST UPDATE DATE

2025-04-13T23:22:23.202000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-576	date:	2015-12-02T00:00:00
db:	ZDI	id:	ZDI-15-574	date:	2015-12-02T00:00:00
db:	ZDI	id:	ZDI-15-575	date:	2015-12-02T00:00:00
db:	CNVD	id:	CNVD-2015-07636	date:	2015-11-18T00:00:00
db:	BID	id:	77571	date:	2015-12-08T22:23:00
db:	JVNDB	id:	JVNDB-2015-005913	date:	2015-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201511-245	date:	2015-11-16T00:00:00
db:	NVD	id:	CVE-2015-7905	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	6d539d54-2351-11e6-abef-000c29c66e3d	date:	2015-11-18T00:00:00
db:	ZDI	id:	ZDI-15-576	date:	2015-12-02T00:00:00
db:	ZDI	id:	ZDI-15-574	date:	2015-12-02T00:00:00
db:	ZDI	id:	ZDI-15-575	date:	2015-12-02T00:00:00
db:	CNVD	id:	CNVD-2015-07636	date:	2015-11-18T00:00:00
db:	BID	id:	77571	date:	2015-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-005913	date:	2015-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201511-245	date:	2015-11-16T00:00:00
db:	NVD	id:	CVE-2015-7905	date:	2015-11-13T03:59:04.977