Remote Code Execution Vulnerability in OPOS Drivers for HP Point of Sale Systems
CVE-2014-7895

Currently unrated

Key Information:

Vendor: HP
Status: Ole Point Of Sale Driver
Vendor: CVE Published:; 9 March 2015

Summary

The OPOS drivers, prior to version 1.13.003, on HP Point of Sale Windows PCs, expose a significant risk by allowing remote attackers to execute arbitrary code. This vulnerability arises from specific interactions with components such as OPOSCashDrawer.ocx, especially when dealing with various thermal receipt printers and cash drawers. Attackers can exploit this weakness through crafted requests, potentially gaining unauthorized access and control over affected systems. It's critical for users to update their OPOS drivers to mitigate these risks and enhance their security posture.

References

http://www.securitytracker.com/id/1031840

vdb-entryx_refsource_SECTRACK

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

EPSS Score

46% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 9, 2015
Vulnerability Reserved
Oct 6, 2014