PatchSiren cyber security CVE debrief

CVE-2015-4049 Unisys CVE debrief

CVE-2015-4049 describes a remotely reachable, authenticated issue in Unisys MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 on Libra 43xx/63xx/83xx and FS600 class systems. Under the reported conditions, use of program operators during EPSILON (level 5) based codefiles at peak memory usage can trigger CPM stack corruption, resulting in data corruption or a system crash.

Vendor: Unisys
Product: CVE-2015-4049
CVSS: MEDIUM 6.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-03
Original CVE updated: 2026-05-13
Advisory published: 2017-02-03
Advisory updated: 2026-05-13

Who should care

Organizations operating affected Unisys Libra 43xx, 63xx, 83xx, or FS600 class systems with MCP-FIRMWARE 40.0 should review exposure, especially teams responsible for firmware lifecycle, system operations, and access control for authenticated operators.

Technical summary

NVD lists the weakness as CWE-119 and provides the CVSS v3.0 vector AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H: a network-reachable issue that requires low privileges and has high attack complexity, with high integrity and availability impact and no confidentiality impact. The vendor-linked description states that remote authenticated users may be able to cause denial of service via CPM stack corruption when program operators are used during EPSILON (level 5) based codefiles at peak memory usage. The affected version range is MCP-FIRMWARE 40.0 before 40.0IC4 Build 270.

Defensive priority

Medium. The issue is authenticated and complex to trigger, but it can still lead to data corruption or a system crash on affected systems. Prioritize remediation if these systems are internet-facing, support critical workloads, or are difficult to recover without service impact.

Recommended defensive actions

  • Inventory Unisys Libra 43xx/63xx/83xx and FS600 class systems to determine whether MCP-FIRMWARE 40.0 is deployed.
  • Apply the vendor-fixed MCP-FIRMWARE release identified in the advisory: 40.0IC4 Build 270 or later, if available in your maintenance channel.
  • Restrict authenticated access to only necessary operator accounts and review privilege assignments for program-operator functionality.
  • Monitor affected systems for unexpected crashes, corruption symptoms, or abnormal behavior during peak memory usage conditions.
  • Validate backups, recovery procedures, and rollback options before maintenance on production systems.
  • Review the vendor advisory and NVD entry for any product-specific deployment guidance.

Evidence notes

Source corpus and official links support the affected products, version boundary, attack conditions, and impact. NVD metadata identifies the vulnerable CPE as Unisys MCP-FIRMWARE 40.0 and classifies the issue as CWE-119 with CVSS v3.0 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H. The vendor advisory reference states the affected Unisys Libra and FS600 class systems and the 40.0 before 40.0IC4 Build 270 boundary, and describes CPM stack corruption leading to data corruption or system crash.

Official resources

The source record shows the CVE as published on 2017-02-03T19:59:00.127Z and last modified on 2026-05-13T00:24:29.033Z. This debrief uses the CVE publication timestamp for timing context.