CVE-2014-7894 - Vulnerability Details - OpenCVE

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Hybrid Pos Printer With Micr Us Fk184aa Ole Point Of Sale Driver Pusb Thermal Receipt Printer F7m67aa Pusb Thermal Receipt Printer Fk224aa Serialusb Thermal Receipt Printer Bm476aa Value Serial\/usb Receipt Printer F7m66aa

Configuration 1 [-]

AND

cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:hybrid_pos_printer_with_micr_us_fk184aa:-:::::::*
	cpe:2.3:h:hp:pusb_thermal_receipt_printer_f7m67aa:-:::::::*
	cpe:2.3:h:hp:pusb_thermal_receipt_printer_fk224aa:-:::::::*
	cpe:2.3:h:hp:serialusb_thermal_receipt_printer_bm476aa:-:::::::*
	cpe:2.3:h:hp:value_serial\/usb_receipt_printer_f7m66aa:-:::::::*

No data.

References

Link	Providers
http://www.securitytracker.com/id/1031840
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185

History

No history.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2015-03-09T17:00:00

Updated: 2024-08-06T13:03:27.560Z

Reserved: 2014-10-06T00:00:00

Link: CVE-2014-7894

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-03-09T17:59:06.597

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-7894

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-04T00:00:00", "descriptions": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-03-10T13:57:00", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"name": "SSRT101690", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"name": "1031840", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031840"}, {"name": "HPSBHF03279", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2014-7894", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SSRT101690", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"name": "1031840", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031840"}, {"name": "HPSBHF03279", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:03:27.560Z"}, "title": "CVE Program Container", "references": [{"name": "SSRT101690", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"name": "1031840", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031840"}, {"name": "HPSBHF03279", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2014-7894", "datePublished": "2015-03-09T17:00:00", "dateReserved": "2014-10-06T00:00:00", "dateUpdated": "2024-08-06T13:03:27.560Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3BD6000-9ED7-4A61-A45D-030F2E428404", "versionEndIncluding": "1.13.001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:hybrid_pos_printer_with_micr_us_fk184aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F273671-0608-424F-8C12-C852C382F07A", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:pusb_thermal_receipt_printer_f7m67aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEE0F849-97C5-4E55-9FB4-36E5C9240ED0", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:pusb_thermal_receipt_printer_fk224aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "97307E86-5213-440C-8050-36854FC9024C", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:serialusb_thermal_receipt_printer_bm476aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "8837FF71-C459-4A0B-B19C-7702407EEE43", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:value_serial\\/usb_receipt_printer_f7m66aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "67D8B24C-6FC3-4443-AD5F-187E0A22FCCC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506."}, {"lang": "es", "value": "Los controladores OLE Point of Sale (OPOS) anterior a 1.13.003 en los PCs de Windows HP Point of Sale permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran OPOSPOSPrinter.ocx para las impresoras PUSB Thermal Receipt, SerialUSB Thermal Receipt, Hybrid POS con MICR, Value PUSB Receipt, y Value Serial/USB Receipt, tambi\u00e9n conocido como ZDI-CAN-2506."}], "id": "CVE-2014-7894", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-09T17:59:06.597", "references": [{"source": "hp-security-alert@hp.com", "url": "http://www.securitytracker.com/id/1031840"}, {"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031840"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}