CVE-2014-7892

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id/1031840
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185	Vendor Advisory
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185	Vendor Advisory
http://www.securitytracker.com/id/1031840
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185	Vendor Advisory
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:integrated_single_head_msr_w\/o_sred_j1a33aa::::::::
	cpe:2.3:h:hp:integrated_single_head_w\/o_msr_sred_j1a34aa::::::::
	cpe:2.3:h:hp:mini_msr_fk186aa::::::::
	cpe:2.3:h:hp:pos_keyboard_fk221aa:-:::::::*
	cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa:-:::::::*
	cpe:2.3:h:hp:retail_integrated_dual-head_msr_qz673aa::::::::
	cpe:2.3:h:hp:rp7_single_head_msr_w\/o_sred_k1k15aa::::::::

History

21 Nov 2024, 02:18

Type	Values Removed	Values Added
References	~~() http://www.securitytracker.com/id/1031840 -~~	() http://www.securitytracker.com/id/1031840 -
References	~~() https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185 - Vendor Advisory~~	() https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185 - Vendor Advisory

Information

Published : 2015-03-09 17:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-7892

Mitre link : CVE-2014-7892

CVE.ORG link : CVE-2014-7892

JSON object : View

Products Affected

ole_point_of_sale_driver
rp7_single_head_msr_w\/o_sred_k1k15aa
integrated_single_head_w\/o_msr_sred_j1a34aa
pos_keyboard_fk221aa
pos_keyboard_with_msr_fk218aa
integrated_single_head_msr_w\/o_sred_j1a33aa
mini_msr_fk186aa
retail_integrated_dual-head_msr_qz673aa

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-7892", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-09T17:59:04.907", "references": [{"url": "http://www.securitytracker.com/id/1031840", "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://www.securitytracker.com/id/1031840", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508."}, {"lang": "es", "value": "Los controladores OLE Point of Sale (OPOS) anterior a 1.13.003 en los PCs de Windows HP Point of Sale permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran OPOSMSR.ocx para los lectores de cinta magn\u00e9tica Mini MSR, los lectores de cinta magn\u00e9tica Retail Integrated Dual-Head MSR, los lectores de cinta magn\u00e9tica Integrated Single Head MSR w/o SRED, los lectores de cinta magn\u00e9tica Integrated Single Head w/o MSR SRED, los lectores de cinta magn\u00e9tica RP7 Single Head MSR w/o SRED, los teclados POS y los teclados POS con MSR, tambi\u00e9n conocido como ZDI-CAN-2508."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3BD6000-9ED7-4A61-A45D-030F2E428404", "versionEndIncluding": "1.13.001"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:integrated_single_head_msr_w\\/o_sred_j1a33aa:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "811539DB-4442-4DD8-8B65-BF7B718D5F13"}, {"criteria": "cpe:2.3:h:hp:integrated_single_head_w\\/o_msr_sred_j1a34aa:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8B17BBE-8BBA-4378-BFB2-9CB4BDE02323"}, {"criteria": "cpe:2.3:h:hp:mini_msr_fk186aa:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "094495A8-FF88-4C2F-AA9E-02B75BCDEF43"}, {"criteria": "cpe:2.3:h:hp:pos_keyboard_fk221aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8F041AAB-88F2-45D0-AA16-F64FCD479CBA"}, {"criteria": "cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61E1D590-2206-4C2C-BE1B-9C851F67FBA3"}, {"criteria": "cpe:2.3:h:hp:retail_integrated_dual-head_msr_qz673aa:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D1F07F3-C901-426A-99EB-30743C584E3D"}, {"criteria": "cpe:2.3:h:hp:rp7_single_head_msr_w\\/o_sred_k1k15aa:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC216EEA-5770-4B98-92D4-5D7F869BB9DA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}

10.0 /10