
Schneider Electric ProClima < 6.2 Multiple Vulnerabilities

High

Synopsis

The remote host is running an outdated version of Schneider Electric's ProClima application.

Description

The version of Schneider Electric's ProClima application is prior to 6.2 and is affected by multiple vulnerabilities associated with ActiveX controls, any of which may allow a context-dependent attacker to execute arbitrary code:

- A flaw exists in the bundled F1BookView ActiveX controls that is triggered when handling input to the 'SetTabedTextEx()' method. (OSVDB 130867)
- An overflow condition exists in the bundled F1BookView ActiveX controls that is triggered when handling input to the 'SetValidationRule()' method. (OSVDB 131924)
- An overflow condition exists in the bundled F1BookView ActiveX control that is triggered when handling input to the 'Attach()' method. (OSVDB 131925)
- An overflow condition exists in the bundled F1BookView ActiveX control that is triggered when handling input to the 'ObjCreatePolygon()' method. (OSVDB 131926)
- An overflow condition exists in the bundled F1BookView ActiveX control that is triggered when handling input to the 'DefinedNameLocal()' method. (OSVDB 131927)
- An overflow condition exists in the bundled F1BookView ActiveX control that is triggered when handling input to the 'ODBCPrepareEx()' method. (OSVDB 131928)
- An overflow condition exists in the bundled F1BookView ActiveX control that is triggered when handling input to the 'DefinedName()' method. (OSVDB 131933)

Solution

Upgrade to ProClima version 6.2 or later.