Vulnerability Description
Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Vport Activex Sdk Plus | <= 2.7 |
Related Weaknesses (CWE)
References
- http://www.moxa.com/support/download.aspx?d_id=2114Patch
- http://www.securityfocus.com/bid/73960
- http://www.zerodayinitiative.com/advisories/ZDI-15-392
- https://ics-cert.us-cert.gov/advisories/ICSA-15-097-01Third Party AdvisoryUS Government Resource
- http://www.moxa.com/support/download.aspx?d_id=2114Patch
- http://www.securityfocus.com/bid/73960
- http://www.zerodayinitiative.com/advisories/ZDI-15-392
- https://ics-cert.us-cert.gov/advisories/ICSA-15-097-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-0986?
CVE-2015-0986 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command.
How severe is CVE-2015-0986?
CVE-2015-0986 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0986?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Vport Activex Sdk Plus.