Vulnerability Description
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | Proclima | <= 6.0.1 |
Related Weaknesses (CWE)
References
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01PatchVendor Advisory
- http://www.securityfocus.com/bid/71710
- https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01PatchThird Party AdvisoryUS Government Resource
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01PatchVendor Advisory
- http://www.securityfocus.com/bid/71710
- https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2014-8514?
CVE-2014-8514 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability th...
How severe is CVE-2014-8514?
CVE-2014-8514 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8514?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider Electric Proclima.