Sign-up

ID

VAR-202002-0773


CVE

CVE-2014-1617


TITLE

Microsys PROMOTIC ActiveX (PmTrends.dll) Start Function Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 47c6315e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00933

DESCRIPTION

Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. Microsys PROMOTIC Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. MICROSYS PROMOTIC is a SCADA software. The MICROSYS PROMOTIC PmTrends.dll ActiveX control start function fails to properly filter user input, allowing an attacker to exploit a vulnerability to build a malicious WEB page, enticing the user to resolve and crashing the application. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

Trust: 2.34

sources: NVD: CVE-2014-1617 // JVNDB: JVNDB-2014-008918 // CNVD: CNVD-2014-00933 // IVD: 47c6315e-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 47c6315e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00933

AFFECTED PRODUCTS

vendor:promoticmodel:promoticscope:eqversion:8.2.13

Trust: 1.0

vendor:microsysmodel:spol. s r.o. microsysscope:eqversion:8.2.13

Trust: 0.8

vendor:microsysmodel:promoticscope:eqversion:8.2.13

Trust: 0.8

sources: IVD: 47c6315e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00933 // JVNDB: JVNDB-2014-008918 // NVD: CVE-2014-1617

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1617
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2014-008918
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00933
value: LOW

Trust: 0.6

CNNVD: CNNVD-202002-777
value: MEDIUM

Trust: 0.6

IVD: 47c6315e-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2014-1617
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2014-008918
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-00933
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 47c6315e-2352-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2014-1617
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2014-008918
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 47c6315e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00933 // JVNDB: JVNDB-2014-008918 // CNNVD: CNNVD-202002-777 // NVD: CVE-2014-1617

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2014-008918 // NVD: CVE-2014-1617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-777

TYPE

Buffer error

Trust: 0.8

sources: IVD: 47c6315e-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-202002-777

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008918

PATCH
title:Top Pageurl:http://www.promotic.eu/
Trust: 0.8
title:Microsys PROMOTIC ActiveX (PmTrends.dll) Start Function Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/43570
Trust: 0.6
title:Microsys PROMOTIC Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110215
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00933 // 
            
            
            
            JVNDB: JVNDB-2014-008918 // 
            
            
            
            CNNVD: CNNVD-202002-777

EXTERNAL IDS
db:NVDid:CVE-2014-1617
Trust: 3.2
db:CNVDid:CNVD-2014-00933
Trust: 0.8
db:CNNVDid:CNNVD-202002-777
Trust: 0.8
db:JVNDBid:JVNDB-2014-008918
Trust: 0.8
db:IVDid:47C6315E-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 47c6315e-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-00933 // 
            
            
            
            JVNDB: JVNDB-2014-008918 // 
            
            
            
            CNNVD: CNNVD-202002-777 // 
            
            
            
            NVD: CVE-2014-1617

REFERENCES
url:http://fortiguardcenter.com/encyclopedia/ips/38068
Trust: 2.4
url:https://packetstormsecurity.com/files/cve/cve-2014-1617
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1617
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-1617
Trust: 0.8
url:http://osvdb.org/ref/102/microsys_promotic_8.2.13_start_activex_control_dos.pdf
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00933 // 
            
            
            
            JVNDB: JVNDB-2014-008918 // 
            
            
            
            CNNVD: CNNVD-202002-777 // 
            
            
            
            NVD: CVE-2014-1617

SOURCES
db:IVDid:47c6315e-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-00933
db:JVNDBid:JVNDB-2014-008918
db:CNNVDid:CNNVD-202002-777
db:NVDid:CVE-2014-1617

LAST UPDATE DATE
2024-11-23T21:36:11.281000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-00933date:2014-02-17T00:00:00
db:JVNDBid:JVNDB-2014-008918date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-777date:2021-01-05T00:00:00
db:NVDid:CVE-2014-1617date:2024-11-21T02:04:43.607

SOURCES RELEASE DATE
db:IVDid:47c6315e-2352-11e6-abef-000c29c66e3ddate:2020-02-13T00:00:00
db:CNVDid:CNVD-2014-00933date:2014-02-14T00:00:00
db:JVNDBid:JVNDB-2014-008918date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-777date:2020-02-13T00:00:00
db:NVDid:CVE-2014-1617date:2020-02-13T22:15:11.127