ActiveX Control Flaw in Schneider Electric ProClima
CVE-2015-8561

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Proclima
Vendor: CVE Published:; 15 December 2015

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2015-8561?

The F1BookView ActiveX control in Schneider Electric's ProClima, prior to version 6.2, presents a significant security vulnerability that enables remote attackers to execute arbitrary code or induce a denial of service through crafted integer inputs. These inputs can manipulate methods such as AttachToSS, CopyAll, CopyRange, CopyRangeEx, or SwapTable, potentially leading to serious exploitation. This vulnerability underscores the importance of securing ActiveX controls and ensuring application updates.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-628

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-15-626

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-15-335-02

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 15, 2015