HTTP: Unitronics VisiLogic OPLC Unsafe ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in the Unitronics VisiLogic OPLC. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.
Affected Products
Unitronics visilogic_oplc_ide
References
CVE: CVE-2015-6478
URL: http://www.unitronics.com/docs/technical-library/click-to-open-_9-8-2.pdf
Short Name
HTTP:STC:ACTIVEX:UNITRONICS-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2015-6478 Control OPLC Unitronics Unsafe VisiLogic
Release Date
12/14/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Unitronics
CVSS Score
6.8