CVE-2014-7895 - Vulnerability Details - OpenCVE

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Hybrid Pos Printer With Micr Us Fk184aa Ole Point Of Sale Driver Pusb Thermal Receipt Printer F7m67aa Pusb Thermal Receipt Printer Fk224aa Serialusb Thermal Receipt Printer Bm476aa Usb Standard Duty Cash Drawer E8e45aa Value Serial\/usb Receipt Printer F7m66aa

Configuration 1 [-]

AND

cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:hybrid_pos_printer_with_micr_us_fk184aa:-:::::::*
	cpe:2.3:h:hp:pusb_thermal_receipt_printer_f7m67aa:-:::::::*
	cpe:2.3:h:hp:pusb_thermal_receipt_printer_fk224aa:-:::::::*
	cpe:2.3:h:hp:serialusb_thermal_receipt_printer_bm476aa:-:::::::*
	cpe:2.3:h:hp:usb_standard_duty_cash_drawer_e8e45aa:-:::::::*
	cpe:2.3:h:hp:value_serial\/usb_receipt_printer_f7m66aa:-:::::::*

No data.

References

Link	Providers
http://www.securitytracker.com/id/1031840
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185

History

No history.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2015-03-09T17:00:00

Updated: 2024-08-06T13:03:27.577Z

Reserved: 2014-10-06T00:00:00

Link: CVE-2014-7895

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-03-09T17:59:07.453

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-7895

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-04T00:00:00", "descriptions": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-03-10T13:57:00", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"name": "1031840", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031840"}, {"name": "SSRT101689", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"name": "HPSBHF03279", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2014-7895", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1031840", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031840"}, {"name": "SSRT101689", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"name": "HPSBHF03279", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:03:27.577Z"}, "title": "CVE Program Container", "references": [{"name": "1031840", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031840"}, {"name": "SSRT101689", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"name": "HPSBHF03279", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2014-7895", "datePublished": "2015-03-09T17:00:00", "dateReserved": "2014-10-06T00:00:00", "dateUpdated": "2024-08-06T13:03:27.577Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3BD6000-9ED7-4A61-A45D-030F2E428404", "versionEndIncluding": "1.13.001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:hybrid_pos_printer_with_micr_us_fk184aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F273671-0608-424F-8C12-C852C382F07A", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:pusb_thermal_receipt_printer_f7m67aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEE0F849-97C5-4E55-9FB4-36E5C9240ED0", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:pusb_thermal_receipt_printer_fk224aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "97307E86-5213-440C-8050-36854FC9024C", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:serialusb_thermal_receipt_printer_bm476aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "8837FF71-C459-4A0B-B19C-7702407EEE43", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:usb_standard_duty_cash_drawer_e8e45aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "322D3D82-C273-4A21-AA21-459D8A07CE8B", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:value_serial\\/usb_receipt_printer_f7m66aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "67D8B24C-6FC3-4443-AD5F-187E0A22FCCC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505."}, {"lang": "es", "value": "Los controladores OLE Point of Sale (OPOS) anterior a 1.13.003 en los PCs de Windows HP Point of Sale permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran OPOSCashDrawer.ocx para las impresoras PUSB Thermal Receipt, las impresoras SerialUSB Thermal Receipt, las impresoras Hybrid POS con MICR, las impresoras Value PUSB Receipt, las impresoras Value Serial/USB Receipt, y las cajas de efectivo USB Standard Duty, tambi\u00e9n conocido como ZDI-CAN-2505."}], "id": "CVE-2014-7895", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-09T17:59:07.453", "references": [{"source": "hp-security-alert@hp.com", "url": "http://www.securitytracker.com/id/1031840"}, {"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031840"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}