VARIoT IoT vulnerabilities database
| VAR-201503-0091 | CVE-2015-1067 | SSL/TLS implementations accept export-grade RSA keys (FREAK attack) |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. This case "FREAK" Vulnerability related to the problem. This vulnerability CVE-2015-0204 and CVE-2015-1637 Is a different vulnerability.Skillfully crafted by a third party TLS Through traffic EXPORT_RSA A cipher suite downgrade attack may be performed on the cipher. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is" FREAK It is also called “attack”. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. Apple iOS, Mac Os X, and TV are prone to a security-bypass vulnerability.
Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. in the United States. A security vulnerability exists in the Secure Transport of several Apple products. The vulnerability is caused by the program not properly restricting the transition of TLS state. The following products and versions are affected: Apple iOS versions prior to 8.2, Apple OS X versions prior to 10.10.2, and Apple TV versions prior to 7.1. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-05-19-1 Watch OS 1.0.1
Watch OS 1.0.1 is now available and addresses the following:
Certificate Trust Policy
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/204873
FontParser
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-1093 : Marc Schoenefeld
Foundation
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An application using NSXMLParser may be misused to disclose
information
Description: An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2015-1092 : Ikuya Fukumoto
IOHIDFamily
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOHIDFamily that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive
IOAcceleratorFamily
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOAcceleratorFamily that led to the
disclosure of kernel memory content. This issue was addressed by
removing unneeded code.
CVE-ID
CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to cause a system denial
of service
Description: A race condition existed in the kernel's setreuid
system call. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An attacker with a privileged network position may be able
to redirect user traffic to arbitrary hosts
Description: ICMP redirects were enabled by default. This issue was
addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of
TCP out of band data. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may escalate privileges using a
compromised service intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop
privileges permanently. This issue was addressed by correctly
dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote
network interfaces as local packets. The issue was addressed by
rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An attacker with a privileged network position may be able
to cause a denial of service
Description: A state inconsistency existed in the processing of TCP
headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to cause unexpected
system termination or read kernel memory
Description: An out of bounds memory access issue existed in the
kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Secure Transport
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVW38oAAoJEBcWfLTuOo7tXpIP/3v/tqCIVXg28xQpAK2vRVtw
S3clbM17RBsJ1b239DmGUdRNNCVimQCHk1dQ4M3szrXx73VjWroh1hSq2+hObL65
FGa4jYbns7OGbTr9YZW/fScJ9mnAuG1nDHcNLL8W2DyFuxNEJsCB668QPdTTMOoO
Xpx8jZUZyXIyX2V3Ch1qasXsSV0IwSA5GPg5IFFFuaNXGC62AXx49UmFTtjBCs4w
bvTRPKKBowuP80zmIaxlWpGXhTIe8TwjCDGSejk5kdddcqjXe1yzA1UPM+uBTHZK
7xOX55CctqT2LkO4ND6EWaaPUozDJtEoUf+pFjnJmZxNd6BHPx86KbkUw3lcBXso
xZplhgaFlaA4UTxMLFJONId0DYtyXH7CLOYW9BKjyzMMo0YZHdt/2CQ1HQKfzQ9m
bT+MT/wdFcgCjr90GLG9OFLCwf5h8bAHRtpvhWrV78ek6V92GuwjZUA8x18avNQO
1th8l49j+JN+OcVv0bvmxVSQpFurTfVRAxZ9lTq4VDdqZanwbvP6INOB8wxhKNbK
8phc4Amh8TwFf2esdmMWawWWAqxXL1+2D+MWxR+C8Hm4CWyxYvKhvHacM20IDTfF
6exVyn4D9FhnT16ggkF6qH9vOOrQk3msHmxdC3fdE4dRhR8W7xRbuNEMXn3CyP6f
ssKTqTcaARrUZzOjyx2Z
=HMct
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2015-1063 : Roman Digerberg, Sweden
iCloud Keychain
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to create folders in
trusted locations in the file system
Description: An issue existed in the developer disk mounting logic
which resulted in invalid disk image folders not being deleted.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
see the home screen of the device even if the device is not activated
Description: An unexpected application termination during activation
could have caused the device to show the home screen.
CVE-ID
CVE-2015-1064
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.2".
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Yosemite v10.10.2
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection
| VAR-201503-0017 | CVE-2015-1595 | SPCanywhere Information Disclosure Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream. SPCanywhere is a mobile app. The Siemens SPC intrusion alarm system can be accessed remotely via a mobile phone. SPCanywhere has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. SPCanywhere is prone to an information-disclosure vulnerability. A security vulnerability exists in the Siemens SPCanywhere application based on the Android and iOS platforms
| VAR-201503-0018 | CVE-2015-1596 | SPCanywhere SSL Certificate Verification Security Restriction Bypass Vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. SPCanywhere is a mobile app that provides remote access to the Siemens SPC intrusion alarm system via a mobile phone. SPCanywhere has an SSL certificate verification security limit bypass vulnerability that is caused by an application failing to properly validate an SSL certificate. Allows an attacker to conduct a man-in-the-middle attack, or pretend to be a trusted server, initiating further attack assistance. There is a security vulnerability in the Siemens SPCanywhere application based on Android and iOS platforms
| VAR-201503-0020 | CVE-2015-1598 | SPCanywhere Local Information Disclosure Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem. SPCanywhere is a mobile app. The Siemens SPC intrusion alarm system can be accessed remotely via a mobile phone. SPCanywhere has a local information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. SPCanywhere is prone to local information-disclosure vulnerability. Information obtained may lead to further attacks. The vulnerability stems from the program not storing the application password correctly
| VAR-201503-0021 | CVE-2015-1599 | SPCanywhere Authentication Bypass Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. SPCanywhere is a mobile app. The Siemens SPC intrusion alarm system can be accessed remotely via a mobile phone. SPCanywhere has an authentication bypass vulnerability that allows an attacker to bypass certain security restrictions and perform unauthorized operations. Siemens SPCanywhere is prone to an authentication-bypass vulnerability. A security vulnerability exists in the Siemens SPCanywhere application based on the iOS platform
| VAR-201503-0009 | CVE-2014-9369 | Multiple products Siemens SPC Service disruption in the controller (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets. The Siemens SPC controller is a controller device from Siemens
| VAR-201503-0239 | CVE-2015-2177 |
Siemens SIMATIC S7-300 CPU Service disruption on devices (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201805-0048 |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC S7-300 fails to correctly handle the messages sent by the user via Proibus to Port 102/TCP (ISO-TSAP), allowing the attacker to exploit the vulnerability to crash the application. Siemens SIMATIC S7-300 is prone to a denial-of-service vulnerability.
Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Siemens SIMATIC S7-300 CPU is a modular general-purpose controller used in the manufacturing industry by Siemens of Germany. A security vulnerability exists in Siemens SIMATIC S7-300 CPU devices
| VAR-201503-0113 | CVE-2015-0598 | Cisco IOS and IOS XE of RADIUS Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. Vendors have confirmed this vulnerability Bug ID CSCur84322 ,and CSCur27693 It is released as. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlSkillfully crafted by a third party Access-Accept Packet IPv6 Service disruption through the attributes of ( Device reload ) There is a possibility of being put into a state. Both Cisco IOS and IOS-XE are operating systems developed by Cisco for its network devices.
Successful exploits may allow attackers to cause denial-of-service condition, denying service to legitimate users.
This issue is being tracked by Cisco Bug IDs CSCur84322 and CSCur27693
| VAR-201503-0161 | CVE-2015-0657 | Cisco IOS XR Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. Cisco IOS XR is a fully modular, distributed network operating system from Cisco's IOS software family.
This issue is being tracked by Cisco Bug ID CSCur69192
| VAR-201503-0163 | CVE-2015-0659 | Cisco IOS of Autonomic Networking Infrastructure Vulnerabilities triggered by self-reference adjacency in implementations |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. Cisco IOS is an operating system developed by Cisco Systems for its network devices.
An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions.
This issue is being tracked by Cisco Bug ID CSCup62157
| VAR-201503-0165 | CVE-2015-0661 | Cisco IOS XR of SNMPv2 Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. Cisco IOS XR is a fully modular, distributed network operating system from Cisco's IOS software family. A security vulnerability exists in the Cisco Network IOS XR Simple Network Management Protocol version 2 (SNMPv2) process.
Attackers can exploit this issue to cause the snmpd process on the affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCur25858
| VAR-201503-0327 | CVE-2014-7895 | HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505. Windows for HP Point of Sale Run on product OLE Point of Sale (OPOS) The driver contains a vulnerability that allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Open method in OPOSCashDrawer.ocx. By supplying an overly long string to this method, an attacker can exploit this condition to achieve code execution under the context of the browser process.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04583185
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04583185
Version: 2
HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers,
Remote Execution of Code
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. These
vulnerabilities could be remotely exploited resulting in execution of code.
References:
CVE-2014-7888 (ZDI-CAN-2512, SSRT101696)
CVE-2014-7889 (ZDI-CAN-2511, SSRT101695)
CVE-2014-7890 (ZDI-CAN-2510, SSRT101694)
CVE-2014-7891 (ZDI-CAN-2509, SSRT101693)
CVE-2014-7892 (ZDI-CAN-2508, SSRT101692)
CVE-2014-7893 (ZDI-CAN-2507, SSRT101691)
CVE-2014-7894 (ZDI-CAN-2506, SSRT101690)
CVE-2014-7895 (ZDI-CAN-2505, SSRT101689)
CVE-2014-7897 (SSRT101689)
CVE-2014-7898 (SSRT101689)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The package contains update common control objects for all of the impacted
products in the table below.
Download the SP70564 from the Support and Drivers site for the impacted
product.
Go to http://www.hp.com :
Chose Support then Download Drivers
Enter in your POS system name, such as product name HP rp5800 Retail System
then click on Go.
Choose the Appropriate OS after selecting the link for the appropriate
product.
The latest drivers will be in the Software - POS section.
Download the OPOS Common Control Objects v1.13.003 Softpaq.
HP Product Description
Prod Num
CVE Number, Impacted Driver
Monitors
HP Retail RP7 VFD Customer Display
QZ701AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Retail Integrated 2x20 Display
G6U79AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Retail Integrated 2x20 Complex
G7G29AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
Printers
HP PUSB Thermal Receipt Printer ALL
FK224AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP SerialUSB Thermal Receipt Printer
BM476AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Hybrid POS Printer with MICR US
FK184AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Value PUSB Receipt Printer
F7M67AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Value Serial/USB Receipt Printer ALL
F7M66AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
Cash Drawers
HP USB Standard Duty Cash Drawer
E8E45AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
MSR
HP Mini MSR
FK186AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Retail Integrated Dual-Head MSR
QZ673AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Integrated Single Head MSR w/o SRED
J1A33AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Integrated Single Head w/o MSR SRED
J1A34AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP RP7 Single Head MSR w/o SRED
K1K15AA/AT
CVE-2014-7892
OPOSMSR.ocx
Keyboards
HP POS Keyboard
FK221AA / AT
CVE-2014-7891
OPOSPOSKeyboard.ocx
CVE-2014-7892
OPOSMSR.ocx
CVE-2014-7890
OPOSToneIndicator.ocx
HP POS Keyboard with MSR
FK218AA / AT
CVE-2014-7891
OPOSPOSKeyboard.ocx
CVE-2014-7892
OPOSMSR.ocx
CVE-2014-7890
OPOSToneIndicator.ocx
Pole Displays
POS Pole Display
FK225AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Graphical POS Pole Display
QZ704AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP LCD Pole Display
F7A93AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
Scanners
HP Imaging Barcode Scanner
BW868AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Linear Barcode Scanner
QY405AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Presentation Barcode Scanner
QY439AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Retail Integrated Barcode Scanner
E1L07AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Wireless Barcode Scanner
E6P34AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP 2D Value Wireless Scanner
K3L28AA
CVE-2014-7897
OPOSScanner.ocx
HISTORY
Version:1 (rev.1) - 4 March 2015 Initial release
Version:2 (rev.2) - 20 March 2015 Corrected and clarified download
instructions
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV
9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu
=CQuO
-----END PGP SIGNATURE-----
| VAR-201503-0320 | CVE-2014-7888 | HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Open method in OPOSMICR.ocx. By supplying an overly long string to this method, an attacker can exploit this condition to achieve code execution under the context of the browser process.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04583185
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04583185
Version: 2
HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers,
Remote Execution of Code
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. These
vulnerabilities could be remotely exploited resulting in execution of code.
References:
CVE-2014-7888 (ZDI-CAN-2512, SSRT101696)
CVE-2014-7889 (ZDI-CAN-2511, SSRT101695)
CVE-2014-7890 (ZDI-CAN-2510, SSRT101694)
CVE-2014-7891 (ZDI-CAN-2509, SSRT101693)
CVE-2014-7892 (ZDI-CAN-2508, SSRT101692)
CVE-2014-7893 (ZDI-CAN-2507, SSRT101691)
CVE-2014-7894 (ZDI-CAN-2506, SSRT101690)
CVE-2014-7895 (ZDI-CAN-2505, SSRT101689)
CVE-2014-7897 (SSRT101689)
CVE-2014-7898 (SSRT101689)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The package contains update common control objects for all of the impacted
products in the table below.
Download the SP70564 from the Support and Drivers site for the impacted
product.
Go to http://www.hp.com :
Chose Support then Download Drivers
Enter in your POS system name, such as product name HP rp5800 Retail System
then click on Go.
Choose the Appropriate OS after selecting the link for the appropriate
product.
The latest drivers will be in the Software - POS section.
Download the OPOS Common Control Objects v1.13.003 Softpaq.
HP Product Description
Prod Num
CVE Number, Impacted Driver
Monitors
HP Retail RP7 VFD Customer Display
QZ701AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Retail Integrated 2x20 Display
G6U79AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Retail Integrated 2x20 Complex
G7G29AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
Printers
HP PUSB Thermal Receipt Printer ALL
FK224AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP SerialUSB Thermal Receipt Printer
BM476AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Hybrid POS Printer with MICR US
FK184AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Value PUSB Receipt Printer
F7M67AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Value Serial/USB Receipt Printer ALL
F7M66AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
Cash Drawers
HP USB Standard Duty Cash Drawer
E8E45AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
MSR
HP Mini MSR
FK186AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Retail Integrated Dual-Head MSR
QZ673AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Integrated Single Head MSR w/o SRED
J1A33AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Integrated Single Head w/o MSR SRED
J1A34AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP RP7 Single Head MSR w/o SRED
K1K15AA/AT
CVE-2014-7892
OPOSMSR.ocx
Keyboards
HP POS Keyboard
FK221AA / AT
CVE-2014-7891
OPOSPOSKeyboard.ocx
CVE-2014-7892
OPOSMSR.ocx
CVE-2014-7890
OPOSToneIndicator.ocx
HP POS Keyboard with MSR
FK218AA / AT
CVE-2014-7891
OPOSPOSKeyboard.ocx
CVE-2014-7892
OPOSMSR.ocx
CVE-2014-7890
OPOSToneIndicator.ocx
Pole Displays
POS Pole Display
FK225AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Graphical POS Pole Display
QZ704AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP LCD Pole Display
F7A93AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
Scanners
HP Imaging Barcode Scanner
BW868AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Linear Barcode Scanner
QY405AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Presentation Barcode Scanner
QY439AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Retail Integrated Barcode Scanner
E1L07AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Wireless Barcode Scanner
E6P34AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP 2D Value Wireless Scanner
K3L28AA
CVE-2014-7897
OPOSScanner.ocx
HISTORY
Version:1 (rev.1) - 4 March 2015 Initial release
Version:2 (rev.2) - 20 March 2015 Corrected and clarified download
instructions
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV
9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu
=CQuO
-----END PGP SIGNATURE-----
| VAR-201503-0325 | CVE-2014-7893 | HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2507. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Open method in OPOSCheckScanner.ocx. By supplying an overly long string to this method, an attacker can exploit this condition to achieve code execution under the context of the browser process.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04583185
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04583185
Version: 2
HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers,
Remote Execution of Code
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. These
vulnerabilities could be remotely exploited resulting in execution of code.
References:
CVE-2014-7888 (ZDI-CAN-2512, SSRT101696)
CVE-2014-7889 (ZDI-CAN-2511, SSRT101695)
CVE-2014-7890 (ZDI-CAN-2510, SSRT101694)
CVE-2014-7891 (ZDI-CAN-2509, SSRT101693)
CVE-2014-7892 (ZDI-CAN-2508, SSRT101692)
CVE-2014-7893 (ZDI-CAN-2507, SSRT101691)
CVE-2014-7894 (ZDI-CAN-2506, SSRT101690)
CVE-2014-7895 (ZDI-CAN-2505, SSRT101689)
CVE-2014-7897 (SSRT101689)
CVE-2014-7898 (SSRT101689)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The package contains update common control objects for all of the impacted
products in the table below.
Download the SP70564 from the Support and Drivers site for the impacted
product.
Go to http://www.hp.com :
Chose Support then Download Drivers
Enter in your POS system name, such as product name HP rp5800 Retail System
then click on Go.
Choose the Appropriate OS after selecting the link for the appropriate
product.
The latest drivers will be in the Software - POS section.
Download the OPOS Common Control Objects v1.13.003 Softpaq.
HP Product Description
Prod Num
CVE Number, Impacted Driver
Monitors
HP Retail RP7 VFD Customer Display
QZ701AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Retail Integrated 2x20 Display
G6U79AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Retail Integrated 2x20 Complex
G7G29AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
Printers
HP PUSB Thermal Receipt Printer ALL
FK224AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP SerialUSB Thermal Receipt Printer
BM476AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Hybrid POS Printer with MICR US
FK184AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Value PUSB Receipt Printer
F7M67AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Value Serial/USB Receipt Printer ALL
F7M66AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
Cash Drawers
HP USB Standard Duty Cash Drawer
E8E45AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
MSR
HP Mini MSR
FK186AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Retail Integrated Dual-Head MSR
QZ673AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Integrated Single Head MSR w/o SRED
J1A33AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Integrated Single Head w/o MSR SRED
J1A34AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP RP7 Single Head MSR w/o SRED
K1K15AA/AT
CVE-2014-7892
OPOSMSR.ocx
Keyboards
HP POS Keyboard
FK221AA / AT
CVE-2014-7891
OPOSPOSKeyboard.ocx
CVE-2014-7892
OPOSMSR.ocx
CVE-2014-7890
OPOSToneIndicator.ocx
HP POS Keyboard with MSR
FK218AA / AT
CVE-2014-7891
OPOSPOSKeyboard.ocx
CVE-2014-7892
OPOSMSR.ocx
CVE-2014-7890
OPOSToneIndicator.ocx
Pole Displays
POS Pole Display
FK225AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Graphical POS Pole Display
QZ704AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP LCD Pole Display
F7A93AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
Scanners
HP Imaging Barcode Scanner
BW868AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Linear Barcode Scanner
QY405AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Presentation Barcode Scanner
QY439AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Retail Integrated Barcode Scanner
E1L07AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Wireless Barcode Scanner
E6P34AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP 2D Value Wireless Scanner
K3L28AA
CVE-2014-7897
OPOSScanner.ocx
HISTORY
Version:1 (rev.1) - 4 March 2015 Initial release
Version:2 (rev.2) - 20 March 2015 Corrected and clarified download
instructions
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV
9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu
=CQuO
-----END PGP SIGNATURE-----
| VAR-201503-0329 | CVE-2014-7897 | HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated Barcode scanners, Wireless Barcode scanners, and 2D Value Wireless scanners. HP Point of Sale PCs running Windows with OPOS Drivers are prone to multiple arbitrary code-execution vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
HP Point of Sale PCs running OPOS drivers prior to 1.13.003 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04583185
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04583185
Version: 2
HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers,
Remote Execution of Code
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. These
vulnerabilities could be remotely exploited resulting in execution of code.
References:
CVE-2014-7888 (ZDI-CAN-2512, SSRT101696)
CVE-2014-7889 (ZDI-CAN-2511, SSRT101695)
CVE-2014-7890 (ZDI-CAN-2510, SSRT101694)
CVE-2014-7891 (ZDI-CAN-2509, SSRT101693)
CVE-2014-7892 (ZDI-CAN-2508, SSRT101692)
CVE-2014-7893 (ZDI-CAN-2507, SSRT101691)
CVE-2014-7894 (ZDI-CAN-2506, SSRT101690)
CVE-2014-7895 (ZDI-CAN-2505, SSRT101689)
CVE-2014-7897 (SSRT101689)
CVE-2014-7898 (SSRT101689)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The package contains update common control objects for all of the impacted
products in the table below.
Download the SP70564 from the Support and Drivers site for the impacted
product.
Go to http://www.hp.com :
Chose Support then Download Drivers
Enter in your POS system name, such as product name HP rp5800 Retail System
then click on Go.
Choose the Appropriate OS after selecting the link for the appropriate
product.
The latest drivers will be in the Software - POS section.
Download the OPOS Common Control Objects v1.13.003 Softpaq.
HP Product Description
Prod Num
CVE Number, Impacted Driver
Monitors
HP Retail RP7 VFD Customer Display
QZ701AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Retail Integrated 2x20 Display
G6U79AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Retail Integrated 2x20 Complex
G7G29AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
Printers
HP PUSB Thermal Receipt Printer ALL
FK224AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP SerialUSB Thermal Receipt Printer
BM476AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Hybrid POS Printer with MICR US
FK184AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Value PUSB Receipt Printer
F7M67AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Value Serial/USB Receipt Printer ALL
F7M66AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
Cash Drawers
HP USB Standard Duty Cash Drawer
E8E45AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
MSR
HP Mini MSR
FK186AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Retail Integrated Dual-Head MSR
QZ673AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Integrated Single Head MSR w/o SRED
J1A33AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Integrated Single Head w/o MSR SRED
J1A34AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP RP7 Single Head MSR w/o SRED
K1K15AA/AT
CVE-2014-7892
OPOSMSR.ocx
Keyboards
HP POS Keyboard
FK221AA / AT
CVE-2014-7891
OPOSPOSKeyboard.ocx
CVE-2014-7892
OPOSMSR.ocx
CVE-2014-7890
OPOSToneIndicator.ocx
HP POS Keyboard with MSR
FK218AA / AT
CVE-2014-7891
OPOSPOSKeyboard.ocx
CVE-2014-7892
OPOSMSR.ocx
CVE-2014-7890
OPOSToneIndicator.ocx
Pole Displays
POS Pole Display
FK225AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Graphical POS Pole Display
QZ704AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP LCD Pole Display
F7A93AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
Scanners
HP Imaging Barcode Scanner
BW868AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Linear Barcode Scanner
QY405AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Presentation Barcode Scanner
QY439AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Retail Integrated Barcode Scanner
E1L07AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Wireless Barcode Scanner
E6P34AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP 2D Value Wireless Scanner
K3L28AA
CVE-2014-7897
OPOSScanner.ocx
HISTORY
Version:1 (rev.1) - 4 March 2015 Initial release
Version:2 (rev.2) - 20 March 2015 Corrected and clarified download
instructions
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV
9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu
=CQuO
-----END PGP SIGNATURE-----
| VAR-201503-0326 | CVE-2014-7894 | HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Open method in OPOSPOSPrinter.ocx. By supplying an overly long string to this method, an attacker can exploit this condition to achieve code execution under the context of the browser process.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04583185
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04583185
Version: 2
HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers,
Remote Execution of Code
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. These
vulnerabilities could be remotely exploited resulting in execution of code.
References:
CVE-2014-7888 (ZDI-CAN-2512, SSRT101696)
CVE-2014-7889 (ZDI-CAN-2511, SSRT101695)
CVE-2014-7890 (ZDI-CAN-2510, SSRT101694)
CVE-2014-7891 (ZDI-CAN-2509, SSRT101693)
CVE-2014-7892 (ZDI-CAN-2508, SSRT101692)
CVE-2014-7893 (ZDI-CAN-2507, SSRT101691)
CVE-2014-7894 (ZDI-CAN-2506, SSRT101690)
CVE-2014-7895 (ZDI-CAN-2505, SSRT101689)
CVE-2014-7897 (SSRT101689)
CVE-2014-7898 (SSRT101689)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The package contains update common control objects for all of the impacted
products in the table below.
Download the SP70564 from the Support and Drivers site for the impacted
product.
Go to http://www.hp.com :
Chose Support then Download Drivers
Enter in your POS system name, such as product name HP rp5800 Retail System
then click on Go.
Choose the Appropriate OS after selecting the link for the appropriate
product.
The latest drivers will be in the Software - POS section.
Download the OPOS Common Control Objects v1.13.003 Softpaq.
HP Product Description
Prod Num
CVE Number, Impacted Driver
Monitors
HP Retail RP7 VFD Customer Display
QZ701AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Retail Integrated 2x20 Display
G6U79AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Retail Integrated 2x20 Complex
G7G29AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
Printers
HP PUSB Thermal Receipt Printer ALL
FK224AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP SerialUSB Thermal Receipt Printer
BM476AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Hybrid POS Printer with MICR US
FK184AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Value PUSB Receipt Printer
F7M67AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
HP Value Serial/USB Receipt Printer ALL
F7M66AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
CVE-2014-7894
OPOSPOSPrinter.ocx
CVE-2014-7888
OPOSMICR.ocx
CVE-2014-7893
OPOSCheckScanner.ocx
Cash Drawers
HP USB Standard Duty Cash Drawer
E8E45AA / AT
CVE-2014-7895
OPOSCashDrawer.ocx
MSR
HP Mini MSR
FK186AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Retail Integrated Dual-Head MSR
QZ673AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Integrated Single Head MSR w/o SRED
J1A33AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP Integrated Single Head w/o MSR SRED
J1A34AA / AT
CVE-2014-7892
OPOSMSR.ocx
HP RP7 Single Head MSR w/o SRED
K1K15AA/AT
CVE-2014-7892
OPOSMSR.ocx
Keyboards
HP POS Keyboard
FK221AA / AT
CVE-2014-7891
OPOSPOSKeyboard.ocx
CVE-2014-7892
OPOSMSR.ocx
CVE-2014-7890
OPOSToneIndicator.ocx
HP POS Keyboard with MSR
FK218AA / AT
CVE-2014-7891
OPOSPOSKeyboard.ocx
CVE-2014-7892
OPOSMSR.ocx
CVE-2014-7890
OPOSToneIndicator.ocx
Pole Displays
POS Pole Display
FK225AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP Graphical POS Pole Display
QZ704AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
HP LCD Pole Display
F7A93AA / AT
CVE-2014-7889
OPOSLineDisplay.ocx
Scanners
HP Imaging Barcode Scanner
BW868AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Linear Barcode Scanner
QY405AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Presentation Barcode Scanner
QY439AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Retail Integrated Barcode Scanner
E1L07AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP Wireless Barcode Scanner
E6P34AA / AT
CVE-2014-7897
OPOSScanner.ocx
HP 2D Value Wireless Scanner
K3L28AA
CVE-2014-7897
OPOSScanner.ocx
HISTORY
Version:1 (rev.1) - 4 March 2015 Initial release
Version:2 (rev.2) - 20 March 2015 Corrected and clarified download
instructions
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV
9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu
=CQuO
-----END PGP SIGNATURE-----
| VAR-201503-0114 | CVE-2015-0607 | Cisco IOS of Authentication Proxy Vulnerabilities that bypass authentication in functions |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. Cisco IOS is an operating system developed by Cisco Systems for its network devices. A remote attacker could exploit the vulnerability to bypass authentication by sending a specially crafted connection request. This may lead to further attacks.
This issue is tracked by Cisco Bug IDs CSCuo09400 and CSCun16016
| VAR-201503-0367 | CVE-2014-2130 | Cisco Secure Access Control Server Vulnerable to application file and configuration file modification |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. Cisco Secure Access Control Server is prone to a remote code-execution vulnerability.
Remote attackers can exploit this issue to execute arbitrary code or cause the ACS web interface unreachable.
This issue being tracked by Cisco Bug ID CSCuj83189
| VAR-201503-0332 | CVE-2014-9205 | MICROSYS PROMOTIC Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. Authentication is not required to exploit this vulnerability.The program blindly copies attacker-supplied data into a fixed-sized buffer without validating the length of this data resulting in a stack buffer overflow. The specific flaw exists within the PmBase64Decode function which ignores the passed-in length of the destination buffer. An attacker can exploit this condition to achieve code execution under the context of the process. MICROSYS PROMOTIC is a SCADA software. Failed exploit attempts will result in a denial-of-service condition
| VAR-201503-0160 | CVE-2015-0656 | Cisco Network Analysis Module Login page cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. Vendors have confirmed this vulnerability Bug ID CSCum81269 It is released as.By any third party Web Script or HTML May be inserted.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCum81269