Schneider-Electric Proclima vulnerabilities
6 known vulnerabilities affecting schneider-electric/proclima.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2019-6823 | CRITICAL | CVSS 9.8 | CWE-94 | fixed in 8.0.0 | 2019-07-15
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
nvd
CVE-2019-6824 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 8.0.0 | 2019-07-15
A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
nvd
CVE-2019-6825 | HIGH | CVSS 7.8 | CWE-427 | fixed in 8.0.0 | 2019-07-15
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.
nvd
CVE-2015-7918 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.1 | 2015-12-15
Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CV
nvd
CVE-2015-8561 | MEDIUM | CVSS 6.8 | ≤ 6.1 | 2015-12-15
The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918.
nvd
CVE-2014-8511 | CRITICAL | CVSS 10.0 | CWE-119 | ≤ 6.0.1 | 2014-12-27
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers.
nvd