HTTP: Schneider Electric ProClima MDraw30.ocx Unsafe Activex
This signature detects attempts to use an unsafe ActiveX control in Schneider Electric ProClima. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.
Affected Products
Schneider_electric proclima
Short Name
HTTP:STC:ACTIVEX:SCHNEDER-MDRAW
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Activex CVE-2014-8514 Electric MDraw30.ocx ProClima Schneider Unsafe
Release Date
11/17/2023
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Schneider_electric