CVE-2014-7894

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185	Vendor Advisory
http://www.securitytracker.com/id/1031840

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:serialusb_thermal_receipt_printer_bm476aa:-:::::::*
	cpe:2.3:h:hp:hybrid_pos_printer_with_micr_us_fk184aa:-:::::::*
	cpe:2.3:h:hp:pusb_thermal_receipt_printer_f7m67aa:-:::::::*
	cpe:2.3:h:hp:value_serial\/usb_receipt_printer_f7m66aa:-:::::::*
	cpe:2.3:h:hp:pusb_thermal_receipt_printer_fk224aa:-:::::::*

Information

Published : 2015-03-09 10:59

Updated : 2019-10-09 16:12

NVD link : CVE-2014-7894

Mitre link : CVE-2014-7894

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

hp

value_serial\/usb_receipt_printer_f7m66aa
pusb_thermal_receipt_printer_fk224aa
serialusb_thermal_receipt_printer_bm476aa
hybrid_pos_printer_with_micr_us_fk184aa
pusb_thermal_receipt_printer_f7m67aa
ole_point_of_sale_driver

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "name": "SSRT101690", "tags": ["Vendor Advisory"], "refsource": "HP"}, {"url": "http://www.securitytracker.com/id/1031840", "name": "1031840", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-7894", "ASSIGNER": "hp-security-alert@hp.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-03-09T17:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.13.001"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:hp:serialusb_thermal_receipt_printer_bm476aa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:hybrid_pos_printer_with_micr_us_fk184aa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:pusb_thermal_receipt_printer_f7m67aa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:value_serial\\/usb_receipt_printer_f7m66aa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:pusb_thermal_receipt_printer_fk224aa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T23:12Z"}