CVE-2014-7894

{"id": "CVE-2014-7894", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-09T17:59:06.597", "references": [{"url": "http://www.securitytracker.com/id/1031840", "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://www.securitytracker.com/id/1031840", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506."}, {"lang": "es", "value": "Los controladores OLE Point of Sale (OPOS) anterior a 1.13.003 en los PCs de Windows HP Point of Sale permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran OPOSPOSPrinter.ocx para las impresoras PUSB Thermal Receipt, SerialUSB Thermal Receipt, Hybrid POS con MICR, Value PUSB Receipt, y Value Serial/USB Receipt, tambi\u00e9n conocido como ZDI-CAN-2506."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3BD6000-9ED7-4A61-A45D-030F2E428404", "versionEndIncluding": "1.13.001"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:hybrid_pos_printer_with_micr_us_fk184aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0F273671-0608-424F-8C12-C852C382F07A"}, {"criteria": "cpe:2.3:h:hp:pusb_thermal_receipt_printer_f7m67aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEE0F849-97C5-4E55-9FB4-36E5C9240ED0"}, {"criteria": "cpe:2.3:h:hp:pusb_thermal_receipt_printer_fk224aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97307E86-5213-440C-8050-36854FC9024C"}, {"criteria": "cpe:2.3:h:hp:serialusb_thermal_receipt_printer_bm476aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8837FF71-C459-4A0B-B19C-7702407EEE43"}, {"criteria": "cpe:2.3:h:hp:value_serial\\/usb_receipt_printer_f7m66aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67D8B24C-6FC3-4443-AD5F-187E0A22FCCC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}