CVE-2019-6825
https://notcve.org/view.php?id=CVE-2019-6825
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name as any resident DLL inside the software installation, to execute arbitrary code.
• https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01
• CWE-427: Uncontrolled Search Path Element
CVE-2019-6824
https://notcve.org/view.php?id=CVE-2019-6824
A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system.
• https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-6823
https://notcve.org/view.php?id=CVE-2019-6823
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.
• https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2015-8561 – Schneider Electric ProClima F1BookView ActiveX Control CopyRangeEx Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8561
The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the CopyRangeEx method of the F1BookView ActiveX control. The method accepts an integer value and interprets it as the address of a structure in memory.
• http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-329-01
• http://www.zerodayinitiative.com/advisories/ZDI-15-626
• http://www.zerodayinitiative.com/advisories/ZDI-15-627
• http://www.zerodayinitiative.com/advisories/ZDI-15-628
• http://www.zerodayinitiative.com/advisories/ZDI-15-629
• https://ics-cert.us-cert.gov/advisories/ICSA-15-335-02
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7918 – Schneider Electric ProClima F1BookView ActiveX Control SetTabbedTextEx Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7918
Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the SetTabbedTextEx method of the F1BookView control. Memory corruption occurs when a long string is passed by the user to the method.
• http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-329-01
• http://www.zerodayinitiative.com/advisories/ZDI-15-625
• http://www.zerodayinitiative.com/advisories/ZDI-15-630
• http://www.zerodayinitiative.com/advisories/ZDI-15-631
• http://www.zerodayinitiative.com/advisories/ZDI-15-632
• http://www.zerodayinitiative.com/advisories/ZDI-15-633
• http://www.zerodayinitiative.com/advisories/ZDI-15-634
• http://www.zerodayinitiative.com/advisories/ZDI-15-635
• https://ics-cert.us-cert.gov/advisori
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer