var-201511-0016
Vulnerability from variot
Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within implementation of the WinSockPath property of the HTTPS ActiveX control. The control passes this property as the URL for a DLL to the LoadLibraryA API, which will automatically execute DllMain in the DLL. This can be leveraged by an attacker for remote code execution in the context of the process. A crafted value can cause system software to treat arbitrary memory as a certificate structure which is then modified. Unitronics VisiLogic OPLC IDE is Unitronics' suite of human machine interface (HMI) and PLC application programming environments for SAMBA series controllers. A security vulnerability exists in Unitronics VisiLogic OPLC IDE 9.8.0.0 and earlier. Unitronics VisiLogic is prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The affected ActiveX control is identified by CLSID: 3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A. Note: This issue was previously titled 'Unitronics VisiLogic ActiveX Control Security Bypass and Arbitrary Code Injection Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected. Unitronics VisiLogic 9.8.0.00 and prior versions are vulnerable
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "unidownloader visilogic oplc ide",
"scope": null,
"trust": 1.4,
"vendor": "unitronicsunitronics",
"version": null
},
{
"_id": null,
"model": "visilogic oplc ide",
"scope": "lte",
"trust": 1.0,
"vendor": "unitronics",
"version": "9.8.0.00"
},
{
"_id": null,
"model": "visilogic oplc ide",
"scope": "lt",
"trust": 0.8,
"vendor": "unitronics",
"version": "9.8.02"
},
{
"_id": null,
"model": "unidownloader",
"scope": null,
"trust": 0.7,
"vendor": "unitronics",
"version": null
},
{
"_id": null,
"model": "visilogic oplc ide",
"scope": "lte",
"trust": 0.6,
"vendor": "unitronics",
"version": "\u003c=9.8.0.00"
},
{
"_id": null,
"model": "visilogic oplc ide",
"scope": "eq",
"trust": 0.6,
"vendor": "unitronics",
"version": "9.8.0.00"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "visilogic oplc ide",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-576"
},
{
"db": "ZDI",
"id": "ZDI-15-574"
},
{
"db": "ZDI",
"id": "ZDI-15-575"
},
{
"db": "CNVD",
"id": "CNVD-2015-07636"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005913"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-245"
},
{
"db": "NVD",
"id": "CVE-2015-7905"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:unitronics:visilogic_oplc_ide",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005913"
}
]
},
"credits": {
"_id": null,
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-576"
},
{
"db": "ZDI",
"id": "ZDI-15-574"
},
{
"db": "ZDI",
"id": "ZDI-15-575"
}
],
"trust": 2.1
},
"cve": "CVE-2015-7905",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7905",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 2.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7905",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07636",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6d539d54-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "CVE-2015-7905",
"trust": 2.1,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7905",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7905",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-07636",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-245",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-576"
},
{
"db": "ZDI",
"id": "ZDI-15-574"
},
{
"db": "ZDI",
"id": "ZDI-15-575"
},
{
"db": "CNVD",
"id": "CNVD-2015-07636"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005913"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-245"
},
{
"db": "NVD",
"id": "CVE-2015-7905"
}
]
},
"description": {
"_id": null,
"data": "Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within implementation of the WinSockPath property of the HTTPS ActiveX control. The control passes this property as the URL for a DLL to the LoadLibraryA API, which will automatically execute DllMain in the DLL. This can be leveraged by an attacker for remote code execution in the context of the process. A crafted value can cause system software to treat arbitrary memory as a certificate structure which is then modified. Unitronics VisiLogic OPLC IDE is Unitronics\u0027 suite of human machine interface (HMI) and PLC application programming environments for SAMBA series controllers. A security vulnerability exists in Unitronics VisiLogic OPLC IDE 9.8.0.0 and earlier. Unitronics VisiLogic is prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. \nThe affected ActiveX control is identified by CLSID: 3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A. \nNote: This issue was previously titled \u0027Unitronics VisiLogic ActiveX Control Security Bypass and Arbitrary Code Injection Vulnerabilities\u0027. The title and technical details have been changed to better reflect the underlying component affected. \nUnitronics VisiLogic 9.8.0.00 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7905"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005913"
},
{
"db": "ZDI",
"id": "ZDI-15-576"
},
{
"db": "ZDI",
"id": "ZDI-15-574"
},
{
"db": "ZDI",
"id": "ZDI-15-575"
},
{
"db": "CNVD",
"id": "CNVD-2015-07636"
},
{
"db": "BID",
"id": "77571"
},
{
"db": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 4.5
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-7905",
"trust": 5.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-274-02",
"trust": 3.0
},
{
"db": "BID",
"id": "77571",
"trust": 1.9
},
{
"db": "ZDI",
"id": "ZDI-15-576",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-15-574",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-15-575",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07636",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-245",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005913",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2965",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2964",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2930",
"trust": 0.7
},
{
"db": "IVD",
"id": "6D539D54-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-576"
},
{
"db": "ZDI",
"id": "ZDI-15-574"
},
{
"db": "ZDI",
"id": "ZDI-15-575"
},
{
"db": "CNVD",
"id": "CNVD-2015-07636"
},
{
"db": "BID",
"id": "77571"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005913"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-245"
},
{
"db": "NVD",
"id": "CVE-2015-7905"
}
]
},
"id": "VAR-201511-0016",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07636"
}
],
"trust": 1.3869565000000001
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07636"
}
]
},
"last_update_date": "2024-11-23T23:02:39.365000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Unitronics has issued an update to correct this vulnerability. Unitronics has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02"
},
{
"title": "Download -VisiLogic (Vision Series)",
"trust": 0.8,
"url": "http://www.unitronics.com/support/downloads"
},
{
"title": "Patch for Unitronics VisiLogic OPLC IDE Code Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/66867"
},
{
"title": "Unitronics VisiLogic OPLC IDE Fixes for code injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58734"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-576"
},
{
"db": "ZDI",
"id": "ZDI-15-574"
},
{
"db": "ZDI",
"id": "ZDI-15-575"
},
{
"db": "CNVD",
"id": "CNVD-2015-07636"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005913"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-245"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005913"
},
{
"db": "NVD",
"id": "CVE-2015-7905"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 6.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-274-02"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/77571"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-576"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-574"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-575"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7905"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7905"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-576"
},
{
"db": "ZDI",
"id": "ZDI-15-574"
},
{
"db": "ZDI",
"id": "ZDI-15-575"
},
{
"db": "CNVD",
"id": "CNVD-2015-07636"
},
{
"db": "BID",
"id": "77571"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005913"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-245"
},
{
"db": "NVD",
"id": "CVE-2015-7905"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-576",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-574",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-575",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2015-07636",
"ident": null
},
{
"db": "BID",
"id": "77571",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005913",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201511-245",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-7905",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2015-11-18T00:00:00",
"db": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2015-12-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-576",
"ident": null
},
{
"date": "2015-12-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-574",
"ident": null
},
{
"date": "2015-12-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-575",
"ident": null
},
{
"date": "2015-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07636",
"ident": null
},
{
"date": "2015-11-12T00:00:00",
"db": "BID",
"id": "77571",
"ident": null
},
{
"date": "2015-11-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005913",
"ident": null
},
{
"date": "2015-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-245",
"ident": null
},
{
"date": "2015-11-13T03:59:04.977000",
"db": "NVD",
"id": "CVE-2015-7905",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-12-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-576",
"ident": null
},
{
"date": "2015-12-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-574",
"ident": null
},
{
"date": "2015-12-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-575",
"ident": null
},
{
"date": "2015-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07636",
"ident": null
},
{
"date": "2015-12-08T22:23:00",
"db": "BID",
"id": "77571",
"ident": null
},
{
"date": "2015-11-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005913",
"ident": null
},
{
"date": "2015-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-245",
"ident": null
},
{
"date": "2024-11-21T02:37:38.700000",
"db": "NVD",
"id": "CVE-2015-7905",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-245"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Unitronics VisiLogic OPLC IDE Code injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07636"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-245"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "6d539d54-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-245"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…