ID

VAR-201005-0439


TITLE

Several EUR Form/EUR Products Arbitrary Code Execution Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001395

DESCRIPTION

An arbitrary code execution vulnerability exists in several EUR Form and EUR products.A remote attacker could execute arbitrary code through the affected web pages. There are currently no detailed vulnerability details available, and the vulnerability can execute arbitrary code in the security context of an application (such as Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. Internet Explorer. Please see the vendor's advisory for a patch matrix. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-003/index.html OTHER REFERENCES: JVN: http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001395.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.62

sources: JVNDB: JVNDB-2010-001395 // CNVD: CNVD-2010-0897 // BID: 40216 // PACKETSTORM: 89615

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0897

AFFECTED PRODUCTS

vendor:hitachimodel:electronic form workflowscope:eqversion:developer client set

Trust: 0.8

vendor:hitachimodel:electronic form workflowscope:eqversion:developer set

Trust: 0.8

vendor:hitachimodel:electronic form workflowscope:eqversion:professional library set

Trust: 0.8

vendor:hitachimodel:electronic form workflowscope:eqversion:professional set

Trust: 0.8

vendor:hitachimodel:electronic form workflowscope:eqversion:set

Trust: 0.8

vendor:hitachimodel:electronic form workflowscope:eqversion:standard set

Trust: 0.8

vendor:hitachimodel:eur form clientscope: - version: -

Trust: 0.8

vendor:hitachimodel:eur form servicescope: - version: -

Trust: 0.8

vendor:hitachimodel:eur professional editionscope: - version: -

Trust: 0.8

vendor:hitachimodel:eur professional editionscope:eqversion:- form option

Trust: 0.8

vendor:hitachimodel:ucosminexus eur developerscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus eur form controlscope:eqversion:- developer's kit

Trust: 0.8

vendor:hitachimodel:ucosminexus eur form controlscope:eqversion:- runtime

Trust: 0.8

vendor:hitachimodel:ucosminexus eur form servicescope: - version: -

Trust: 0.8

vendor:hitachimodel:eur professional edition versionscope:eqversion:7.x

Trust: 0.6

vendor:hitachimodel:eur form clientscope:eqversion:5.x

Trust: 0.6

vendor:hitachimodel:eur form servicescope:eqversion:5.x

Trust: 0.6

vendor:hitachimodel:eur professional edition form optionscope:eqversion:-5.x

Trust: 0.6

vendor:hitachimodel:ucosminexus eur developerscope:eqversion:8.x

Trust: 0.6

vendor:hitachimodel:ucosminexus eur form control developer's kitscope:eqversion:-5.x

Trust: 0.6

vendor:hitachimodel:ucosminexus eur form control runtimescope:eqversion:-5.x

Trust: 0.6

vendor:hitachimodel:ucosminexus eur form servicescope:eqversion:7.x

Trust: 0.6

vendor:hitachimodel:ucosminexus eur form servicescope:eqversion:0

Trust: 0.3

vendor:hitachimodel:ucosminexus eur form control runtimescope:eqversion:-0

Trust: 0.3

vendor:hitachimodel:ucosminexus eur form control developer's kitscope:eqversion:-0

Trust: 0.3

vendor:hitachimodel:ucosminexus eur developerscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:eur professional edition form optionscope:eqversion:-0

Trust: 0.3

vendor:hitachimodel:eur professional editionscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:eur form servicescope:eqversion:0

Trust: 0.3

vendor:hitachimodel:eur form clientscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2010-0897 // BID: 40216 // JVNDB: JVNDB-2010-001395

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2010-001395
value: HIGH

Trust: 0.8

IPA: JVNDB-2010-001395
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2010-001395

THREAT TYPE

network

Trust: 0.3

sources: BID: 40216

TYPE

Unknown

Trust: 0.3

sources: BID: 40216

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001395

PATCH

title:HS10-003url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs10-003/index.html

Trust: 0.8

title:Hitachi EUR product code execution patchurl:https://www.cnvd.org.cn/patchinfo/show/408

Trust: 0.6

sources: CNVD: CNVD-2010-0897 // JVNDB: JVNDB-2010-001395

EXTERNAL IDS

db:HITACHIid:HS10-003

Trust: 1.0

db:JVNDBid:JVNDB-2010-001395

Trust: 0.9

db:CNVDid:CNVD-2010-0897

Trust: 0.6

db:BIDid:40216

Trust: 0.3

db:SECUNIAid:39855

Trust: 0.3

db:PACKETSTORMid:89615

Trust: 0.1

sources: CNVD: CNVD-2010-0897 // BID: 40216 // JVNDB: JVNDB-2010-001395 // PACKETSTORM: 89615

REFERENCES

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-003/index.htmlhttp

Trust: 0.6

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-003/index.html

Trust: 0.4

url:http://www.hitachi.com/index.html

Trust: 0.3

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://jvndb.jvn.jp/en/contents/2010/jvndb-2010-001395.html

Trust: 0.1

url:http://secunia.com/advisories/39855/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2010-0897 // BID: 40216 // PACKETSTORM: 89615

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 40216

SOURCES

db:CNVDid:CNVD-2010-0897
db:BIDid:40216
db:JVNDBid:JVNDB-2010-001395
db:PACKETSTORMid:89615

LAST UPDATE DATE

2022-05-17T01:45:44.666000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2010-0897date:2010-05-19T00:00:00
db:BIDid:40216date:2010-04-28T00:00:00
db:JVNDBid:JVNDB-2010-001395date:2010-05-18T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2010-0897date:2010-05-19T00:00:00
db:BIDid:40216date:2010-04-28T00:00:00
db:JVNDBid:JVNDB-2010-001395date:2010-05-18T00:00:00
db:PACKETSTORMid:89615date:2010-05-18T15:00:28