CVE-2014-7895
Summary
| CVE | CVE-2014-7895 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-03-09 17:59:00 UTC |
| Updated | 2019-10-09 23:12:00 UTC |
| Description | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Hp | Hybrid Pos Printer With Micr Us Fk184aa | - | All | All | All |
| Hardware | Hp | Hybrid Pos Printer With Micr Us Fk184aa | - | All | All | All |
| Application | Hp | Ole Point Of Sale Driver | All | All | All | All |
| Hardware | Hp | Pusb Thermal Receipt Printer F7m67aa | - | All | All | All |
| Hardware | Hp | Pusb Thermal Receipt Printer F7m67aa | - | All | All | All |
| Hardware | Hp | Pusb Thermal Receipt Printer Fk224aa | - | All | All | All |
| Hardware | Hp | Pusb Thermal Receipt Printer Fk224aa | - | All | All | All |
| Hardware | Hp | Serialusb Thermal Receipt Printer Bm476aa | - | All | All | All |
| Hardware | Hp | Serialusb Thermal Receipt Printer Bm476aa | - | All | All | All |
| Hardware | Hp | Usb Standard Duty Cash Drawer E8e45aa | - | All | All | All |
| Hardware | Hp | Usb Standard Duty Cash Drawer E8e45aa | - | All | All | All |
| Hardware | Hp | Value Serial/usb Receipt Printer F7m66aa | - | All | All | All |
| Hardware | Hp | Value Serial/usb Receipt Printer F7m66aa | - | All | All | All |
| Hardware | Hp | Value Serial/usb Receipt Printer F7m66aa | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| HP Point of Sale PCs Have Unspecified Bugs That Let Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| SSRT101689 | HP | h20564.www2.hp.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.