CVE-2014-7897

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated Barcode scanners, Wireless Barcode scanners, and 2D Value Wireless scanners.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185	Vendor Advisory
http://www.securitytracker.com/id/1031840

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:imaging_barcode_scanner_bw868aa::::::::
	cpe:2.3:h:hp:linear_barcode_scanner_qy405aa::::::::
	cpe:2.3:h:hp:presentation_barcode_scanner_qy439aa::::::::
	cpe:2.3:h:hp:wireless_barcode_scanner_e6p34aa::::::::
	cpe:2.3:h:hp:retail_integrated_barcode_scanner_e1l07aa::::::::
	cpe:2.3:h:hp:2d_value_wireless_scanner_k3l28aa::::::::

Information

Published : 2015-03-09 10:59

Updated : 2019-10-09 16:12

NVD link : CVE-2014-7897

Mitre link : CVE-2014-7897

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

hp

presentation_barcode_scanner_qy439aa
retail_integrated_barcode_scanner_e1l07aa
2d_value_wireless_scanner_k3l28aa
linear_barcode_scanner_qy405aa
ole_point_of_sale_driver
wireless_barcode_scanner_e6p34aa
imaging_barcode_scanner_bw868aa

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "name": "SSRT101689", "tags": ["Vendor Advisory"], "refsource": "HP"}, {"url": "http://www.securitytracker.com/id/1031840", "name": "1031840", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated Barcode scanners, Wireless Barcode scanners, and 2D Value Wireless scanners."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-7897", "ASSIGNER": "hp-security-alert@hp.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-03-09T17:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.13.001"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:hp:imaging_barcode_scanner_bw868aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:linear_barcode_scanner_qy405aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:presentation_barcode_scanner_qy439aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:wireless_barcode_scanner_e6p34aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:retail_integrated_barcode_scanner_e1l07aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:2d_value_wireless_scanner_k3l28aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T23:12Z"}