CVE-2015-6478
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: ics-cert@hq.dhs.gov — https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| unitronics | visilogic_oplc_ide | up to and including 9.8.0.0 | |
References
- http://www.securityfocus.com/bid/77571
- http://www.zerodayinitiative.com/advisories/ZDI-15-573
- http://www.zerodayinitiative.com/advisories/ZDI-15-577
- http://www.zerodayinitiative.com/advisories/ZDI-15-578
- http://www.zerodayinitiative.com/advisories/ZDI-15-579
- http://www.zerodayinitiative.com/advisories/ZDI-15-580
- https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02
CWEs
CWE-284