Buffer Overflow Vulnerabilities in Schneider Electric ProClima ActiveX Control
CVE-2015-7918

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Proclima
Vendor: CVE Published:; 15 December 2015

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2015-7918?

Multiple buffer overflow vulnerabilities exist in the F1BookView ActiveX control within Schneider Electric's ProClima before version 6.2. These vulnerabilities can be exploited by remote attackers using various methods such as Attach, DefinedName, and SetValidationRule, allowing them to execute arbitrary code on the affected systems.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-631

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-15-625

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-15-335-02

x_refsource_MISC

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2015
Vulnerability Reserved
Oct 22, 2015