Sign-up

ID

VAR-201511-0047


CVE

CVE-2015-6478


TITLE

Unitronics VisiLogic OPLC IDE Arbitrary code execution vulnerability

Trust: 1.4

sources: IVD: 7c5e661c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07635 // CNNVD: CNNVD-201511-244

DESCRIPTION

Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the TeeChart object in TeeChart5.ocx. The RemoveSeries method of the object takes a user-supplied integer as an index into an array of object pointers. The index is not checked for validity and this can cause arbitrary memory to be interpreted as an object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the user. Unitronics VisiLogic OPLC IDE is Unitronics' suite of human machine interface (HMI) and PLC application programming environments for SAMBA series controllers. Unitronics VisiLogic is prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The affected ActiveX control is identified by CLSID: 3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A. Note: This issue was previously titled 'Unitronics VisiLogic ActiveX Control Security Bypass and Arbitrary Code Injection Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected. Unitronics VisiLogic 9.8.0.00 and prior versions are vulnerable

Trust: 5.76

sources: NVD: CVE-2015-6478 // JVNDB: JVNDB-2015-005912 // ZDI: ZDI-15-578 // ZDI: ZDI-15-577 // ZDI: ZDI-15-580 // ZDI: ZDI-15-573 // ZDI: ZDI-15-579 // CNVD: CNVD-2015-07635 // BID: 77571 // IVD: 7c5e661c-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7c5e661c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07635

AFFECTED PRODUCTS

vendor:unitronicsmodel:visilogic oplc idescope: - version: -

Trust: 3.5

vendor:unitronicsmodel:visilogic oplc idescope:lteversion:9.8.0.0

Trust: 1.0

vendor:unitronicsmodel:visilogic oplc idescope:ltversion:9.8.02

Trust: 0.8

vendor:unitronicsmodel:visilogic oplc idescope:lteversion:<=9.8.0.00

Trust: 0.6

vendor:unitronicsmodel:visilogic oplc idescope:eqversion:9.8.0.0

Trust: 0.6

vendor:visilogic oplc idemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7c5e661c-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-578 // ZDI: ZDI-15-577 // ZDI: ZDI-15-580 // ZDI: ZDI-15-573 // ZDI: ZDI-15-579 // CNVD: CNVD-2015-07635 // JVNDB: JVNDB-2015-005912 // CNNVD: CNNVD-201511-244 // NVD: CVE-2015-6478

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2015-6478
value: MEDIUM

Trust: 3.5

nvd@nist.gov: CVE-2015-6478
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6478
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07635
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201511-244
value: MEDIUM

Trust: 0.6

IVD: 7c5e661c-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2015-6478
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 5.3

CNVD: CNVD-2015-07635
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7c5e661c-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 7c5e661c-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-578 // ZDI: ZDI-15-577 // ZDI: ZDI-15-580 // ZDI: ZDI-15-573 // ZDI: ZDI-15-579 // CNVD: CNVD-2015-07635 // JVNDB: JVNDB-2015-005912 // CNNVD: CNNVD-201511-244 // NVD: CVE-2015-6478

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-005912 // NVD: CVE-2015-6478

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-244

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 77571

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005912

PATCH
title:Unitronics has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02
Trust: 3.5
title:Download - VisiLogic (Vision Series)url:http://www.unitronics.com/support/downloads
Trust: 0.8
title:Unitronics VisiLogic OPLC IDE patch for arbitrary code execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/66868
Trust: 0.6
title:Unitronics VisiLogic OPLC IDE Fixes for arbitrary code execution vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58733
Trust: 0.6
sources:
            
            
            ZDI: ZDI-15-578 // 
            
            
            
            ZDI: ZDI-15-577 // 
            
            
            
            ZDI: ZDI-15-580 // 
            
            
            
            ZDI: ZDI-15-573 // 
            
            
            
            ZDI: ZDI-15-579 // 
            
            
            
            CNVD: CNVD-2015-07635 // 
            
            
            
            JVNDB: JVNDB-2015-005912 // 
            
            
            
            CNNVD: CNNVD-201511-244

EXTERNAL IDS
db:NVDid:CVE-2015-6478
Trust: 7.0
db:ICS CERTid:ICSA-15-274-02
Trust: 3.0
db:BIDid:77571
Trust: 1.9
db:ZDIid:ZDI-15-578
Trust: 1.7
db:ZDIid:ZDI-15-577
Trust: 1.7
db:ZDIid:ZDI-15-580
Trust: 1.7
db:ZDIid:ZDI-15-573
Trust: 1.7
db:ZDIid:ZDI-15-579
Trust: 1.7
db:CNVDid:CNVD-2015-07635
Trust: 0.8
db:CNNVDid:CNNVD-201511-244
Trust: 0.8
db:JVNDBid:JVNDB-2015-005912
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2910
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-2911
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-2918
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-2904
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-2919
Trust: 0.7
db:IVDid:7C5E661C-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 7c5e661c-2351-11e6-abef-000c29c66e3d // 
            
            
            
            ZDI: ZDI-15-578 // 
            
            
            
            ZDI: ZDI-15-577 // 
            
            
            
            ZDI: ZDI-15-580 // 
            
            
            
            ZDI: ZDI-15-573 // 
            
            
            
            ZDI: ZDI-15-579 // 
            
            
            
            CNVD: CNVD-2015-07635 // 
            
            
            
            BID: 77571 // 
            
            
            
            JVNDB: JVNDB-2015-005912 // 
            
            
            
            CNNVD: CNNVD-201511-244 // 
            
            
            
            NVD: CVE-2015-6478

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-274-02
Trust: 6.5
url:http://www.zerodayinitiative.com/advisories/zdi-15-577
Trust: 1.0
url:http://www.zerodayinitiative.com/advisories/zdi-15-579
Trust: 1.0
url:http://www.zerodayinitiative.com/advisories/zdi-15-580
Trust: 1.0
url:http://www.zerodayinitiative.com/advisories/zdi-15-573
Trust: 1.0
url:http://www.securityfocus.com/bid/77571
Trust: 1.0
url:http://www.zerodayinitiative.com/advisories/zdi-15-578
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6478
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6478
Trust: 0.8
url:http://support.microsoft.com/kb/240797
Trust: 0.3
sources:
            
            
            ZDI: ZDI-15-578 // 
            
            
            
            ZDI: ZDI-15-577 // 
            
            
            
            ZDI: ZDI-15-580 // 
            
            
            
            ZDI: ZDI-15-573 // 
            
            
            
            ZDI: ZDI-15-579 // 
            
            
            
            CNVD: CNVD-2015-07635 // 
            
            
            
            BID: 77571 // 
            
            
            
            JVNDB: JVNDB-2015-005912 // 
            
            
            
            CNNVD: CNNVD-201511-244 // 
            
            
            
            NVD: CVE-2015-6478

CREDITS
Steven Seeley of Source Incite
Trust: 2.1
sources:
            
            
            ZDI: ZDI-15-578 // 
            
            
            
            ZDI: ZDI-15-577 // 
            
            
            
            ZDI: ZDI-15-573

SOURCES
db:IVDid:7c5e661c-2351-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-15-578
db:ZDIid:ZDI-15-577
db:ZDIid:ZDI-15-580
db:ZDIid:ZDI-15-573
db:ZDIid:ZDI-15-579
db:CNVDid:CNVD-2015-07635
db:BIDid:77571
db:JVNDBid:JVNDB-2015-005912
db:CNNVDid:CNNVD-201511-244
db:NVDid:CVE-2015-6478

LAST UPDATE DATE
2025-04-13T23:22:23.257000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-15-578date:2015-12-02T00:00:00
db:ZDIid:ZDI-15-577date:2015-12-02T00:00:00
db:ZDIid:ZDI-15-580date:2015-12-02T00:00:00
db:ZDIid:ZDI-15-573date:2015-12-02T00:00:00
db:ZDIid:ZDI-15-579date:2015-12-02T00:00:00
db:CNVDid:CNVD-2015-07635date:2015-11-18T00:00:00
db:BIDid:77571date:2015-12-08T22:23:00
db:JVNDBid:JVNDB-2015-005912date:2015-11-16T00:00:00
db:CNNVDid:CNNVD-201511-244date:2015-11-16T00:00:00
db:NVDid:CVE-2015-6478date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:7c5e661c-2351-11e6-abef-000c29c66e3ddate:2015-11-18T00:00:00
db:ZDIid:ZDI-15-578date:2015-12-02T00:00:00
db:ZDIid:ZDI-15-577date:2015-12-02T00:00:00
db:ZDIid:ZDI-15-580date:2015-12-02T00:00:00
db:ZDIid:ZDI-15-573date:2015-12-02T00:00:00
db:ZDIid:ZDI-15-579date:2015-12-02T00:00:00
db:CNVDid:CNVD-2015-07635date:2015-11-18T00:00:00
db:BIDid:77571date:2015-11-12T00:00:00
db:JVNDBid:JVNDB-2015-005912date:2015-11-16T00:00:00
db:CNNVDid:CNNVD-201511-244date:2015-11-16T00:00:00
db:NVDid:CVE-2015-6478date:2015-11-13T03:59:03.960