Details of VAR-201512-0015

ID

VAR-201512-0015

CVE

CVE-2015-7918

TITLE

Schneider Electric ProClima ActiveX Control Code injection vulnerability

Trust: 0.8

sources: IVD: 6d683610-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07899

DESCRIPTION

Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the implementation of the DefinedName method. Memory corruption occurs when a long user-supplied name is supplied. Later in processing, the code jumps to an address outside of normal flow. An attacker may be able to leverage this flaw to execute code under the context of the process. A buffer overrun occurs when a long string is passed by the user to the method. Schneider Electric ProClima is a thermal calculation software from Schneider Electric, France. Failed exploit attempts will likely cause a denial-of-service condition. The affected ActiveX control is identified by CLSID: 3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A

Trust: 7.11

sources: NVD: CVE-2015-7918 // JVNDB: JVNDB-2015-006424 // ZDI: ZDI-15-635 // ZDI: ZDI-15-634 // ZDI: ZDI-15-632 // ZDI: ZDI-15-630 // ZDI: ZDI-15-625 // ZDI: ZDI-15-633 // ZDI: ZDI-15-631 // CNVD: CNVD-2015-07899 // BID: 78421 // IVD: 6d683610-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-85879

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 6d683610-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07899

AFFECTED PRODUCTS

vendor:	schneider electric	model:	proclima	scope:	-	version:	-	Trust: 4.9
vendor:	schneider electric	model:	proclima	scope:	lte	version:	6.1	Trust: 1.0
vendor:	schneider electric	model:	proclima	scope:	eq	version:	6.1	Trust: 0.9
vendor:	schneider electric	model:	proclima	scope:	lt	version:	6.2	Trust: 0.8
vendor:	schneider	model:	electric proclima	scope:	lt	version:	6.1	Trust: 0.6
vendor:	schneider electric	model:	proclima	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	schneider electric	model:	proclima	scope:	eq	version:	6.0	Trust: 0.3
vendor:	schneider electric	model:	proclima	scope:	ne	version:	6.2	Trust: 0.3
vendor:	proclima	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 6d683610-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-635 // ZDI: ZDI-15-634 // ZDI: ZDI-15-632 // ZDI: ZDI-15-630 // ZDI: ZDI-15-625 // ZDI: ZDI-15-633 // ZDI: ZDI-15-631 // CNVD: CNVD-2015-07899 // BID: 78421 // JVNDB: JVNDB-2015-006424 // CNNVD: CNNVD-201512-005 // NVD: CVE-2015-7918

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2015-7918
value:	MEDIUM
Trust: 4.9
nvd@nist.gov:	CVE-2015-7918
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7918
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-07899
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201512-005
value:	MEDIUM
Trust: 0.6
IVD:	6d683610-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-85879
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7918
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 6.7
CNVD:	CNVD-2015-07899
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6d683610-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-85879
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 6d683610-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-635 // ZDI: ZDI-15-634 // ZDI: ZDI-15-632 // ZDI: ZDI-15-630 // ZDI: ZDI-15-625 // ZDI: ZDI-15-633 // ZDI: ZDI-15-631 // CNVD: CNVD-2015-07899 // VULHUB: VHN-85879 // JVNDB: JVNDB-2015-006424 // CNNVD: CNNVD-201512-005 // NVD: CVE-2015-7918

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-85879 // JVNDB: JVNDB-2015-006424 // NVD: CVE-2015-7918

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-005

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 6d683610-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201512-005

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006424

PATCH

title:	Schneider Electric has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-15-335-02	Trust: 4.9
title:	SEVD-2015-329-01	url:	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-329-01	Trust: 0.8
title:	Schneider Electric ProClima ActiveX Control code injection vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/67570	Trust: 0.6
title:	Schneider Electric ProClima F1BookView ActiveX Fixes for Control Buffer Overflow Vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58873	Trust: 0.6

sources: ZDI: ZDI-15-635 // ZDI: ZDI-15-634 // ZDI: ZDI-15-632 // ZDI: ZDI-15-630 // ZDI: ZDI-15-625 // ZDI: ZDI-15-633 // ZDI: ZDI-15-631 // CNVD: CNVD-2015-07899 // JVNDB: JVNDB-2015-006424 // CNNVD: CNNVD-201512-005

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7918	Trust: 8.5
db:	ICS CERT	id:	ICSA-15-335-02	Trust: 3.1
db:	ZDI	id:	ZDI-15-635	Trust: 2.4
db:	ZDI	id:	ZDI-15-634	Trust: 2.4
db:	ZDI	id:	ZDI-15-632	Trust: 2.4
db:	ZDI	id:	ZDI-15-630	Trust: 2.4
db:	ZDI	id:	ZDI-15-625	Trust: 2.4
db:	ZDI	id:	ZDI-15-633	Trust: 2.4
db:	ZDI	id:	ZDI-15-631	Trust: 2.4
db:	SCHNEIDER	id:	SEVD-2015-329-01	Trust: 1.7
db:	CNNVD	id:	CNNVD-201512-005	Trust: 0.9
db:	CNVD	id:	CNVD-2015-07899	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006424	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3095	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3093	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3078	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3076	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3094	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3092	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3077	Trust: 0.7
db:	BID	id:	78421	Trust: 0.4
db:	ZDI	id:	ZDI-15-626	Trust: 0.3
db:	ZDI	id:	ZDI-15-628	Trust: 0.3
db:	IVD	id:	6D683610-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-85879	Trust: 0.1

sources: IVD: 6d683610-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-635 // ZDI: ZDI-15-634 // ZDI: ZDI-15-632 // ZDI: ZDI-15-630 // ZDI: ZDI-15-625 // ZDI: ZDI-15-633 // ZDI: ZDI-15-631 // CNVD: CNVD-2015-07899 // VULHUB: VHN-85879 // BID: 78421 // JVNDB: JVNDB-2015-006424 // CNNVD: CNNVD-201512-005 // NVD: CVE-2015-7918

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-335-02	Trust: 8.0
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-329-01	Trust: 1.7
url:	http://www.zerodayinitiative.com/advisories/zdi-15-625	Trust: 1.7
url:	http://www.zerodayinitiative.com/advisories/zdi-15-630	Trust: 1.7
url:	http://www.zerodayinitiative.com/advisories/zdi-15-631	Trust: 1.7
url:	http://www.zerodayinitiative.com/advisories/zdi-15-632	Trust: 1.7
url:	http://www.zerodayinitiative.com/advisories/zdi-15-633	Trust: 1.7
url:	http://www.zerodayinitiative.com/advisories/zdi-15-634	Trust: 1.7
url:	http://www.zerodayinitiative.com/advisories/zdi-15-635	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7918	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7918	Trust: 0.8
url:	http://support.microsoft.com/kb/240797	Trust: 0.3
url:	http://www.schneider-electric.com/en/product-range-download/2560-proclima	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-626	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-628	Trust: 0.3

sources: ZDI: ZDI-15-635 // ZDI: ZDI-15-634 // ZDI: ZDI-15-632 // ZDI: ZDI-15-630 // ZDI: ZDI-15-625 // ZDI: ZDI-15-633 // ZDI: ZDI-15-631 // CNVD: CNVD-2015-07899 // VULHUB: VHN-85879 // BID: 78421 // JVNDB: JVNDB-2015-006424 // CNNVD: CNNVD-201512-005 // NVD: CVE-2015-7918

CREDITS

Fritz Sands - HP Zero Day Initiative

Trust: 4.9

sources: ZDI: ZDI-15-635 // ZDI: ZDI-15-634 // ZDI: ZDI-15-632 // ZDI: ZDI-15-630 // ZDI: ZDI-15-625 // ZDI: ZDI-15-633 // ZDI: ZDI-15-631

SOURCES

db:	IVD	id:	6d683610-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-15-635
db:	ZDI	id:	ZDI-15-634
db:	ZDI	id:	ZDI-15-632
db:	ZDI	id:	ZDI-15-630
db:	ZDI	id:	ZDI-15-625
db:	ZDI	id:	ZDI-15-633
db:	ZDI	id:	ZDI-15-631
db:	CNVD	id:	CNVD-2015-07899
db:	VULHUB	id:	VHN-85879
db:	BID	id:	78421
db:	JVNDB	id:	JVNDB-2015-006424
db:	CNNVD	id:	CNNVD-201512-005
db:	NVD	id:	CVE-2015-7918

LAST UPDATE DATE

2025-04-13T23:31:32.998000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-635	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-634	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-632	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-630	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-625	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-633	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-631	date:	2015-12-08T00:00:00
db:	CNVD	id:	CNVD-2015-07899	date:	2015-12-03T00:00:00
db:	VULHUB	id:	VHN-85879	date:	2015-12-16T00:00:00
db:	BID	id:	78421	date:	2015-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-006424	date:	2015-12-17T00:00:00
db:	CNNVD	id:	CNNVD-201512-005	date:	2015-12-16T00:00:00
db:	NVD	id:	CVE-2015-7918	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	6d683610-2351-11e6-abef-000c29c66e3d	date:	2015-12-03T00:00:00
db:	ZDI	id:	ZDI-15-635	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-634	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-632	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-630	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-625	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-633	date:	2015-12-08T00:00:00
db:	ZDI	id:	ZDI-15-631	date:	2015-12-08T00:00:00
db:	CNVD	id:	CNVD-2015-07899	date:	2015-12-03T00:00:00
db:	VULHUB	id:	VHN-85879	date:	2015-12-15T00:00:00
db:	BID	id:	78421	date:	2015-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-006424	date:	2015-12-17T00:00:00
db:	CNNVD	id:	CNNVD-201512-005	date:	2015-12-02T00:00:00
db:	NVD	id:	CVE-2015-7918	date:	2015-12-15T05:59:08.857