HP OPOS CCO Drivers RCE Vulnerabilities

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by remote code execution vulnerabilities.

Description :

The HP OLE Point of Sale (OPOS) Common Control Objects (CCO) drivers
installed on the remote host are prior to version 1.13.003. They are,
therefore, potentially affected by unspecified vulnerabilities in the
following ActiveX controls :

- OPOSCashDrawer.ocx
- OPOSCheckScanner.ocx
- OPOSLineDisplay.ocx
- OPOSMICR.ocx
- OPOSMSR.ocx
- OPOSPOSKeyboard.ocx
- OPOSPOSPrinter.ocx
- OPOSScanner.ocx
- OPOSToneIndicator.ocx

A remote attacker could exploit these vulnerabilities to execute
arbitrary code.

Note that, according to the advisory, only HP Point of Sale PCs are
affected by these vulnerabilities.

See also :

http://www.nessus.org/u?31d7796a
http://www.zerodayinitiative.com/advisories/ZDI-15-094/
http://www.zerodayinitiative.com/advisories/ZDI-15-095/
http://www.zerodayinitiative.com/advisories/ZDI-15-096/
http://www.zerodayinitiative.com/advisories/ZDI-15-097/
http://www.zerodayinitiative.com/advisories/ZDI-15-098/
http://www.zerodayinitiative.com/advisories/ZDI-15-099/
http://www.zerodayinitiative.com/advisories/ZDI-15-100/
http://www.zerodayinitiative.com/advisories/ZDI-15-101/
http://monroecs.com/oposccos_history.htm

Solution :

Upgrade to OPOS CCO version 1.13.003 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
