VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201503-0091 CVE-2015-1067 SSL/TLS implementations accept export-grade RSA keys (FREAK attack) CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. This case "FREAK" Vulnerability related to the problem. This vulnerability CVE-2015-0204 and CVE-2015-1637 Is a different vulnerability.Skillfully crafted by a third party TLS Through traffic EXPORT_RSA A cipher suite downgrade attack may be performed on the cipher. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is" FREAK It is also called “attack”. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. Apple iOS, Mac Os X, and TV are prone to a security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. in the United States. A security vulnerability exists in the Secure Transport of several Apple products. The vulnerability is caused by the program not properly restricting the transition of TLS state. The following products and versions are affected: Apple iOS versions prior to 8.2, Apple OS X versions prior to 10.10.2, and Apple TV versions prior to 7.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-05-19-1 Watch OS 1.0.1 Watch OS 1.0.1 is now available and addresses the following: Certificate Trust Policy Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/kb/204873 FontParser Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld Foundation Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2015-1092 : Ikuya Fukumoto IOHIDFamily Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOAcceleratorFamily that led to the disclosure of kernel memory content. This issue was addressed by removing unneeded code. CVE-ID CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc. Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc. Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may be able to cause unexpected system termination or read kernel memory Description: An out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative Secure Transport Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVW38oAAoJEBcWfLTuOo7tXpIP/3v/tqCIVXg28xQpAK2vRVtw S3clbM17RBsJ1b239DmGUdRNNCVimQCHk1dQ4M3szrXx73VjWroh1hSq2+hObL65 FGa4jYbns7OGbTr9YZW/fScJ9mnAuG1nDHcNLL8W2DyFuxNEJsCB668QPdTTMOoO Xpx8jZUZyXIyX2V3Ch1qasXsSV0IwSA5GPg5IFFFuaNXGC62AXx49UmFTtjBCs4w bvTRPKKBowuP80zmIaxlWpGXhTIe8TwjCDGSejk5kdddcqjXe1yzA1UPM+uBTHZK 7xOX55CctqT2LkO4ND6EWaaPUozDJtEoUf+pFjnJmZxNd6BHPx86KbkUw3lcBXso xZplhgaFlaA4UTxMLFJONId0DYtyXH7CLOYW9BKjyzMMo0YZHdt/2CQ1HQKfzQ9m bT+MT/wdFcgCjr90GLG9OFLCwf5h8bAHRtpvhWrV78ek6V92GuwjZUA8x18avNQO 1th8l49j+JN+OcVv0bvmxVSQpFurTfVRAxZ9lTq4VDdqZanwbvP6INOB8wxhKNbK 8phc4Amh8TwFf2esdmMWawWWAqxXL1+2D+MWxR+C8Hm4CWyxYvKhvHacM20IDTfF 6exVyn4D9FhnT16ggkF6qH9vOOrQk3msHmxdC3fdE4dRhR8W7xRbuNEMXn3CyP6f ssKTqTcaARrUZzOjyx2Z =HMct -----END PGP SIGNATURE----- . CVE-ID CVE-2015-1063 : Roman Digerberg, Sweden iCloud Keychain Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero MobileStorageMounter Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to create folders in trusted locations in the file system Description: An issue existed in the developer disk mounting logic which resulted in invalid disk image folders not being deleted. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris Springboard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see the home screen of the device even if the device is not activated Description: An unexpected application termination during activation could have caused the device to show the home screen. CVE-ID CVE-2015-1064 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "8.2". CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero Kernel Available for: OS X Yosemite v10.10.2 Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection
VAR-201503-0017 CVE-2015-1595 SPCanywhere Information Disclosure Vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream. SPCanywhere is a mobile app. The Siemens SPC intrusion alarm system can be accessed remotely via a mobile phone. SPCanywhere has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. SPCanywhere is prone to an information-disclosure vulnerability. A security vulnerability exists in the Siemens SPCanywhere application based on the Android and iOS platforms
VAR-201503-0018 CVE-2015-1596 SPCanywhere SSL Certificate Verification Security Restriction Bypass Vulnerability CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. SPCanywhere is a mobile app that provides remote access to the Siemens SPC intrusion alarm system via a mobile phone. SPCanywhere has an SSL certificate verification security limit bypass vulnerability that is caused by an application failing to properly validate an SSL certificate. Allows an attacker to conduct a man-in-the-middle attack, or pretend to be a trusted server, initiating further attack assistance. There is a security vulnerability in the Siemens SPCanywhere application based on Android and iOS platforms
VAR-201503-0020 CVE-2015-1598 SPCanywhere Local Information Disclosure Vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem. SPCanywhere is a mobile app. The Siemens SPC intrusion alarm system can be accessed remotely via a mobile phone. SPCanywhere has a local information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. SPCanywhere is prone to local information-disclosure vulnerability. Information obtained may lead to further attacks. The vulnerability stems from the program not storing the application password correctly
VAR-201503-0021 CVE-2015-1599 SPCanywhere Authentication Bypass Vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. SPCanywhere is a mobile app. The Siemens SPC intrusion alarm system can be accessed remotely via a mobile phone. SPCanywhere has an authentication bypass vulnerability that allows an attacker to bypass certain security restrictions and perform unauthorized operations. Siemens SPCanywhere is prone to an authentication-bypass vulnerability. A security vulnerability exists in the Siemens SPCanywhere application based on the iOS platform
VAR-201503-0009 CVE-2014-9369 Multiple products Siemens SPC Service disruption in the controller (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets. The Siemens SPC controller is a controller device from Siemens
VAR-201503-0239 CVE-2015-2177 Siemens SIMATIC S7-300 CPU Service disruption on devices (DoS) Vulnerabilities

Related entries in the VARIoT exploits database: VAR-E-201805-0048
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC S7-300 fails to correctly handle the messages sent by the user via Proibus to Port 102/TCP (ISO-TSAP), allowing the attacker to exploit the vulnerability to crash the application. Siemens SIMATIC S7-300 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Siemens SIMATIC S7-300 CPU is a modular general-purpose controller used in the manufacturing industry by Siemens of Germany. A security vulnerability exists in Siemens SIMATIC S7-300 CPU devices
VAR-201503-0113 CVE-2015-0598 Cisco IOS and IOS XE of RADIUS Service disruption in implementations (DoS) Vulnerabilities CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. Vendors have confirmed this vulnerability Bug ID CSCur84322 ,and CSCur27693 It is released as. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlSkillfully crafted by a third party Access-Accept Packet IPv6 Service disruption through the attributes of ( Device reload ) There is a possibility of being put into a state. Both Cisco IOS and IOS-XE are operating systems developed by Cisco for its network devices. Successful exploits may allow attackers to cause denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCur84322 and CSCur27693
VAR-201503-0161 CVE-2015-0657 Cisco IOS XR Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. Cisco IOS XR is a fully modular, distributed network operating system from Cisco's IOS software family. This issue is being tracked by Cisco Bug ID CSCur69192
VAR-201503-0163 CVE-2015-0659 Cisco IOS of Autonomic Networking Infrastructure Vulnerabilities triggered by self-reference adjacency in implementations CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. Cisco IOS is an operating system developed by Cisco Systems for its network devices. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCup62157
VAR-201503-0165 CVE-2015-0661 Cisco IOS XR of SNMPv2 Service disruption in implementations (DoS) Vulnerabilities CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. Cisco IOS XR is a fully modular, distributed network operating system from Cisco's IOS software family. A security vulnerability exists in the Cisco Network IOS XR Simple Network Management Protocol version 2 (SNMPv2) process. Attackers can exploit this issue to cause the snmpd process on the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCur25858
VAR-201503-0327 CVE-2014-7895 HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505. Windows for HP Point of Sale Run on product OLE Point of Sale (OPOS) The driver contains a vulnerability that allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Open method in OPOSCashDrawer.ocx. By supplying an overly long string to this method, an attacker can exploit this condition to achieve code execution under the context of the browser process. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04583185 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04583185 Version: 2 HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be remotely exploited resulting in execution of code. References: CVE-2014-7888 (ZDI-CAN-2512, SSRT101696) CVE-2014-7889 (ZDI-CAN-2511, SSRT101695) CVE-2014-7890 (ZDI-CAN-2510, SSRT101694) CVE-2014-7891 (ZDI-CAN-2509, SSRT101693) CVE-2014-7892 (ZDI-CAN-2508, SSRT101692) CVE-2014-7893 (ZDI-CAN-2507, SSRT101691) CVE-2014-7894 (ZDI-CAN-2506, SSRT101690) CVE-2014-7895 (ZDI-CAN-2505, SSRT101689) CVE-2014-7897 (SSRT101689) CVE-2014-7898 (SSRT101689) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The package contains update common control objects for all of the impacted products in the table below. Download the SP70564 from the Support and Drivers site for the impacted product. Go to http://www.hp.com : Chose Support then Download Drivers Enter in your POS system name, such as product name HP rp5800 Retail System then click on Go. Choose the Appropriate OS after selecting the link for the appropriate product. The latest drivers will be in the Software - POS section. Download the OPOS Common Control Objects v1.13.003 Softpaq. HP Product Description Prod Num CVE Number, Impacted Driver Monitors HP Retail RP7 VFD Customer Display QZ701AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Display G6U79AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Complex G7G29AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Printers HP PUSB Thermal Receipt Printer ALL FK224AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP SerialUSB Thermal Receipt Printer BM476AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Hybrid POS Printer with MICR US FK184AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value PUSB Receipt Printer F7M67AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value Serial/USB Receipt Printer ALL F7M66AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx Cash Drawers HP USB Standard Duty Cash Drawer E8E45AA / AT CVE-2014-7895 OPOSCashDrawer.ocx MSR HP Mini MSR FK186AA / AT CVE-2014-7892 OPOSMSR.ocx HP Retail Integrated Dual-Head MSR QZ673AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head MSR w/o SRED J1A33AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head w/o MSR SRED J1A34AA / AT CVE-2014-7892 OPOSMSR.ocx HP RP7 Single Head MSR w/o SRED K1K15AA/AT CVE-2014-7892 OPOSMSR.ocx Keyboards HP POS Keyboard FK221AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx HP POS Keyboard with MSR FK218AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx Pole Displays POS Pole Display FK225AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Graphical POS Pole Display QZ704AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP LCD Pole Display F7A93AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Scanners HP Imaging Barcode Scanner BW868AA / AT CVE-2014-7897 OPOSScanner.ocx HP Linear Barcode Scanner QY405AA / AT CVE-2014-7897 OPOSScanner.ocx HP Presentation Barcode Scanner QY439AA / AT CVE-2014-7897 OPOSScanner.ocx HP Retail Integrated Barcode Scanner E1L07AA / AT CVE-2014-7897 OPOSScanner.ocx HP Wireless Barcode Scanner E6P34AA / AT CVE-2014-7897 OPOSScanner.ocx HP 2D Value Wireless Scanner K3L28AA CVE-2014-7897 OPOSScanner.ocx HISTORY Version:1 (rev.1) - 4 March 2015 Initial release Version:2 (rev.2) - 20 March 2015 Corrected and clarified download instructions Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV 9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu =CQuO -----END PGP SIGNATURE-----
VAR-201503-0320 CVE-2014-7888 HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Open method in OPOSMICR.ocx. By supplying an overly long string to this method, an attacker can exploit this condition to achieve code execution under the context of the browser process. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04583185 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04583185 Version: 2 HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be remotely exploited resulting in execution of code. References: CVE-2014-7888 (ZDI-CAN-2512, SSRT101696) CVE-2014-7889 (ZDI-CAN-2511, SSRT101695) CVE-2014-7890 (ZDI-CAN-2510, SSRT101694) CVE-2014-7891 (ZDI-CAN-2509, SSRT101693) CVE-2014-7892 (ZDI-CAN-2508, SSRT101692) CVE-2014-7893 (ZDI-CAN-2507, SSRT101691) CVE-2014-7894 (ZDI-CAN-2506, SSRT101690) CVE-2014-7895 (ZDI-CAN-2505, SSRT101689) CVE-2014-7897 (SSRT101689) CVE-2014-7898 (SSRT101689) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The package contains update common control objects for all of the impacted products in the table below. Download the SP70564 from the Support and Drivers site for the impacted product. Go to http://www.hp.com : Chose Support then Download Drivers Enter in your POS system name, such as product name HP rp5800 Retail System then click on Go. Choose the Appropriate OS after selecting the link for the appropriate product. The latest drivers will be in the Software - POS section. Download the OPOS Common Control Objects v1.13.003 Softpaq. HP Product Description Prod Num CVE Number, Impacted Driver Monitors HP Retail RP7 VFD Customer Display QZ701AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Display G6U79AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Complex G7G29AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Printers HP PUSB Thermal Receipt Printer ALL FK224AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP SerialUSB Thermal Receipt Printer BM476AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Hybrid POS Printer with MICR US FK184AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value PUSB Receipt Printer F7M67AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value Serial/USB Receipt Printer ALL F7M66AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx Cash Drawers HP USB Standard Duty Cash Drawer E8E45AA / AT CVE-2014-7895 OPOSCashDrawer.ocx MSR HP Mini MSR FK186AA / AT CVE-2014-7892 OPOSMSR.ocx HP Retail Integrated Dual-Head MSR QZ673AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head MSR w/o SRED J1A33AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head w/o MSR SRED J1A34AA / AT CVE-2014-7892 OPOSMSR.ocx HP RP7 Single Head MSR w/o SRED K1K15AA/AT CVE-2014-7892 OPOSMSR.ocx Keyboards HP POS Keyboard FK221AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx HP POS Keyboard with MSR FK218AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx Pole Displays POS Pole Display FK225AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Graphical POS Pole Display QZ704AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP LCD Pole Display F7A93AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Scanners HP Imaging Barcode Scanner BW868AA / AT CVE-2014-7897 OPOSScanner.ocx HP Linear Barcode Scanner QY405AA / AT CVE-2014-7897 OPOSScanner.ocx HP Presentation Barcode Scanner QY439AA / AT CVE-2014-7897 OPOSScanner.ocx HP Retail Integrated Barcode Scanner E1L07AA / AT CVE-2014-7897 OPOSScanner.ocx HP Wireless Barcode Scanner E6P34AA / AT CVE-2014-7897 OPOSScanner.ocx HP 2D Value Wireless Scanner K3L28AA CVE-2014-7897 OPOSScanner.ocx HISTORY Version:1 (rev.1) - 4 March 2015 Initial release Version:2 (rev.2) - 20 March 2015 Corrected and clarified download instructions Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV 9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu =CQuO -----END PGP SIGNATURE-----
VAR-201503-0325 CVE-2014-7893 HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2507. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Open method in OPOSCheckScanner.ocx. By supplying an overly long string to this method, an attacker can exploit this condition to achieve code execution under the context of the browser process. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04583185 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04583185 Version: 2 HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be remotely exploited resulting in execution of code. References: CVE-2014-7888 (ZDI-CAN-2512, SSRT101696) CVE-2014-7889 (ZDI-CAN-2511, SSRT101695) CVE-2014-7890 (ZDI-CAN-2510, SSRT101694) CVE-2014-7891 (ZDI-CAN-2509, SSRT101693) CVE-2014-7892 (ZDI-CAN-2508, SSRT101692) CVE-2014-7893 (ZDI-CAN-2507, SSRT101691) CVE-2014-7894 (ZDI-CAN-2506, SSRT101690) CVE-2014-7895 (ZDI-CAN-2505, SSRT101689) CVE-2014-7897 (SSRT101689) CVE-2014-7898 (SSRT101689) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The package contains update common control objects for all of the impacted products in the table below. Download the SP70564 from the Support and Drivers site for the impacted product. Go to http://www.hp.com : Chose Support then Download Drivers Enter in your POS system name, such as product name HP rp5800 Retail System then click on Go. Choose the Appropriate OS after selecting the link for the appropriate product. The latest drivers will be in the Software - POS section. Download the OPOS Common Control Objects v1.13.003 Softpaq. HP Product Description Prod Num CVE Number, Impacted Driver Monitors HP Retail RP7 VFD Customer Display QZ701AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Display G6U79AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Complex G7G29AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Printers HP PUSB Thermal Receipt Printer ALL FK224AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP SerialUSB Thermal Receipt Printer BM476AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Hybrid POS Printer with MICR US FK184AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value PUSB Receipt Printer F7M67AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value Serial/USB Receipt Printer ALL F7M66AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx Cash Drawers HP USB Standard Duty Cash Drawer E8E45AA / AT CVE-2014-7895 OPOSCashDrawer.ocx MSR HP Mini MSR FK186AA / AT CVE-2014-7892 OPOSMSR.ocx HP Retail Integrated Dual-Head MSR QZ673AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head MSR w/o SRED J1A33AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head w/o MSR SRED J1A34AA / AT CVE-2014-7892 OPOSMSR.ocx HP RP7 Single Head MSR w/o SRED K1K15AA/AT CVE-2014-7892 OPOSMSR.ocx Keyboards HP POS Keyboard FK221AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx HP POS Keyboard with MSR FK218AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx Pole Displays POS Pole Display FK225AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Graphical POS Pole Display QZ704AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP LCD Pole Display F7A93AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Scanners HP Imaging Barcode Scanner BW868AA / AT CVE-2014-7897 OPOSScanner.ocx HP Linear Barcode Scanner QY405AA / AT CVE-2014-7897 OPOSScanner.ocx HP Presentation Barcode Scanner QY439AA / AT CVE-2014-7897 OPOSScanner.ocx HP Retail Integrated Barcode Scanner E1L07AA / AT CVE-2014-7897 OPOSScanner.ocx HP Wireless Barcode Scanner E6P34AA / AT CVE-2014-7897 OPOSScanner.ocx HP 2D Value Wireless Scanner K3L28AA CVE-2014-7897 OPOSScanner.ocx HISTORY Version:1 (rev.1) - 4 March 2015 Initial release Version:2 (rev.2) - 20 March 2015 Corrected and clarified download instructions Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV 9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu =CQuO -----END PGP SIGNATURE-----
VAR-201503-0329 CVE-2014-7897 HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated Barcode scanners, Wireless Barcode scanners, and 2D Value Wireless scanners. HP Point of Sale PCs running Windows with OPOS Drivers are prone to multiple arbitrary code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. HP Point of Sale PCs running OPOS drivers prior to 1.13.003 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04583185 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04583185 Version: 2 HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be remotely exploited resulting in execution of code. References: CVE-2014-7888 (ZDI-CAN-2512, SSRT101696) CVE-2014-7889 (ZDI-CAN-2511, SSRT101695) CVE-2014-7890 (ZDI-CAN-2510, SSRT101694) CVE-2014-7891 (ZDI-CAN-2509, SSRT101693) CVE-2014-7892 (ZDI-CAN-2508, SSRT101692) CVE-2014-7893 (ZDI-CAN-2507, SSRT101691) CVE-2014-7894 (ZDI-CAN-2506, SSRT101690) CVE-2014-7895 (ZDI-CAN-2505, SSRT101689) CVE-2014-7897 (SSRT101689) CVE-2014-7898 (SSRT101689) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The package contains update common control objects for all of the impacted products in the table below. Download the SP70564 from the Support and Drivers site for the impacted product. Go to http://www.hp.com : Chose Support then Download Drivers Enter in your POS system name, such as product name HP rp5800 Retail System then click on Go. Choose the Appropriate OS after selecting the link for the appropriate product. The latest drivers will be in the Software - POS section. Download the OPOS Common Control Objects v1.13.003 Softpaq. HP Product Description Prod Num CVE Number, Impacted Driver Monitors HP Retail RP7 VFD Customer Display QZ701AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Display G6U79AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Complex G7G29AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Printers HP PUSB Thermal Receipt Printer ALL FK224AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP SerialUSB Thermal Receipt Printer BM476AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Hybrid POS Printer with MICR US FK184AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value PUSB Receipt Printer F7M67AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value Serial/USB Receipt Printer ALL F7M66AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx Cash Drawers HP USB Standard Duty Cash Drawer E8E45AA / AT CVE-2014-7895 OPOSCashDrawer.ocx MSR HP Mini MSR FK186AA / AT CVE-2014-7892 OPOSMSR.ocx HP Retail Integrated Dual-Head MSR QZ673AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head MSR w/o SRED J1A33AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head w/o MSR SRED J1A34AA / AT CVE-2014-7892 OPOSMSR.ocx HP RP7 Single Head MSR w/o SRED K1K15AA/AT CVE-2014-7892 OPOSMSR.ocx Keyboards HP POS Keyboard FK221AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx HP POS Keyboard with MSR FK218AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx Pole Displays POS Pole Display FK225AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Graphical POS Pole Display QZ704AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP LCD Pole Display F7A93AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Scanners HP Imaging Barcode Scanner BW868AA / AT CVE-2014-7897 OPOSScanner.ocx HP Linear Barcode Scanner QY405AA / AT CVE-2014-7897 OPOSScanner.ocx HP Presentation Barcode Scanner QY439AA / AT CVE-2014-7897 OPOSScanner.ocx HP Retail Integrated Barcode Scanner E1L07AA / AT CVE-2014-7897 OPOSScanner.ocx HP Wireless Barcode Scanner E6P34AA / AT CVE-2014-7897 OPOSScanner.ocx HP 2D Value Wireless Scanner K3L28AA CVE-2014-7897 OPOSScanner.ocx HISTORY Version:1 (rev.1) - 4 March 2015 Initial release Version:2 (rev.2) - 20 March 2015 Corrected and clarified download instructions Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV 9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu =CQuO -----END PGP SIGNATURE-----
VAR-201503-0326 CVE-2014-7894 HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Open method in OPOSPOSPrinter.ocx. By supplying an overly long string to this method, an attacker can exploit this condition to achieve code execution under the context of the browser process. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04583185 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04583185 Version: 2 HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be remotely exploited resulting in execution of code. References: CVE-2014-7888 (ZDI-CAN-2512, SSRT101696) CVE-2014-7889 (ZDI-CAN-2511, SSRT101695) CVE-2014-7890 (ZDI-CAN-2510, SSRT101694) CVE-2014-7891 (ZDI-CAN-2509, SSRT101693) CVE-2014-7892 (ZDI-CAN-2508, SSRT101692) CVE-2014-7893 (ZDI-CAN-2507, SSRT101691) CVE-2014-7894 (ZDI-CAN-2506, SSRT101690) CVE-2014-7895 (ZDI-CAN-2505, SSRT101689) CVE-2014-7897 (SSRT101689) CVE-2014-7898 (SSRT101689) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The package contains update common control objects for all of the impacted products in the table below. Download the SP70564 from the Support and Drivers site for the impacted product. Go to http://www.hp.com : Chose Support then Download Drivers Enter in your POS system name, such as product name HP rp5800 Retail System then click on Go. Choose the Appropriate OS after selecting the link for the appropriate product. The latest drivers will be in the Software - POS section. Download the OPOS Common Control Objects v1.13.003 Softpaq. HP Product Description Prod Num CVE Number, Impacted Driver Monitors HP Retail RP7 VFD Customer Display QZ701AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Display G6U79AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Complex G7G29AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Printers HP PUSB Thermal Receipt Printer ALL FK224AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP SerialUSB Thermal Receipt Printer BM476AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Hybrid POS Printer with MICR US FK184AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value PUSB Receipt Printer F7M67AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value Serial/USB Receipt Printer ALL F7M66AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx Cash Drawers HP USB Standard Duty Cash Drawer E8E45AA / AT CVE-2014-7895 OPOSCashDrawer.ocx MSR HP Mini MSR FK186AA / AT CVE-2014-7892 OPOSMSR.ocx HP Retail Integrated Dual-Head MSR QZ673AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head MSR w/o SRED J1A33AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head w/o MSR SRED J1A34AA / AT CVE-2014-7892 OPOSMSR.ocx HP RP7 Single Head MSR w/o SRED K1K15AA/AT CVE-2014-7892 OPOSMSR.ocx Keyboards HP POS Keyboard FK221AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx HP POS Keyboard with MSR FK218AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx Pole Displays POS Pole Display FK225AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Graphical POS Pole Display QZ704AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP LCD Pole Display F7A93AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Scanners HP Imaging Barcode Scanner BW868AA / AT CVE-2014-7897 OPOSScanner.ocx HP Linear Barcode Scanner QY405AA / AT CVE-2014-7897 OPOSScanner.ocx HP Presentation Barcode Scanner QY439AA / AT CVE-2014-7897 OPOSScanner.ocx HP Retail Integrated Barcode Scanner E1L07AA / AT CVE-2014-7897 OPOSScanner.ocx HP Wireless Barcode Scanner E6P34AA / AT CVE-2014-7897 OPOSScanner.ocx HP 2D Value Wireless Scanner K3L28AA CVE-2014-7897 OPOSScanner.ocx HISTORY Version:1 (rev.1) - 4 March 2015 Initial release Version:2 (rev.2) - 20 March 2015 Corrected and clarified download instructions Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV 9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu =CQuO -----END PGP SIGNATURE-----
VAR-201503-0114 CVE-2015-0607 Cisco IOS of Authentication Proxy Vulnerabilities that bypass authentication in functions CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. Cisco IOS is an operating system developed by Cisco Systems for its network devices. A remote attacker could exploit the vulnerability to bypass authentication by sending a specially crafted connection request. This may lead to further attacks. This issue is tracked by Cisco Bug IDs CSCuo09400 and CSCun16016
VAR-201503-0367 CVE-2014-2130 Cisco Secure Access Control Server Vulnerable to application file and configuration file modification CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. Cisco Secure Access Control Server is prone to a remote code-execution vulnerability. Remote attackers can exploit this issue to execute arbitrary code or cause the ACS web interface unreachable. This issue being tracked by Cisco Bug ID CSCuj83189
VAR-201503-0332 CVE-2014-9205 MICROSYS PROMOTIC Buffer Overflow Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. Authentication is not required to exploit this vulnerability.The program blindly copies attacker-supplied data into a fixed-sized buffer without validating the length of this data resulting in a stack buffer overflow. The specific flaw exists within the PmBase64Decode function which ignores the passed-in length of the destination buffer. An attacker can exploit this condition to achieve code execution under the context of the process. MICROSYS PROMOTIC is a SCADA software. Failed exploit attempts will result in a denial-of-service condition
VAR-201503-0160 CVE-2015-0656 Cisco Network Analysis Module Login page cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. Vendors have confirmed this vulnerability Bug ID CSCum81269 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCum81269