Sign-up

ID

VAR-201005-0439


TITLE

Several EUR Form/EUR Products Arbitrary Code Execution Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001395

DESCRIPTION

An arbitrary code execution vulnerability exists in several EUR Form and EUR products.A remote attacker could execute arbitrary code through the affected web pages. There are currently no detailed vulnerability details available, and the vulnerability can execute arbitrary code in the security context of an application (such as Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. Internet Explorer. Please see the vendor's advisory for a patch matrix. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-003/index.html OTHER REFERENCES: JVN: http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001395.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.62

sources: JVNDB: JVNDB-2010-001395 // CNVD: CNVD-2010-0897 // BID: 40216 // PACKETSTORM: 89615

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0897

AFFECTED PRODUCTS

vendor:hitachimodel:electronic form workflowscope:eqversion:developer client set

Trust: 0.8

vendor:hitachimodel:electronic form workflowscope:eqversion:developer set

Trust: 0.8

vendor:hitachimodel:electronic form workflowscope:eqversion:professional library set

Trust: 0.8

vendor:hitachimodel:electronic form workflowscope:eqversion:professional set

Trust: 0.8

vendor:hitachimodel:electronic form workflowscope:eqversion:set

Trust: 0.8

vendor:hitachimodel:electronic form workflowscope:eqversion:standard set

Trust: 0.8

vendor:hitachimodel:eur form clientscope: - version: -

Trust: 0.8

vendor:hitachimodel:eur form servicescope: - version: -

Trust: 0.8

vendor:hitachimodel:eur professional editionscope: - version: -

Trust: 0.8

vendor:hitachimodel:eur professional editionscope:eqversion:- form option

Trust: 0.8

vendor:hitachimodel:ucosminexus eur developerscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus eur form controlscope:eqversion:- developer's kit

Trust: 0.8

vendor:hitachimodel:ucosminexus eur form controlscope:eqversion:- runtime

Trust: 0.8

vendor:hitachimodel:ucosminexus eur form servicescope: - version: -

Trust: 0.8

vendor:hitachimodel:eur professional edition versionscope:eqversion:7.x

Trust: 0.6

vendor:hitachimodel:eur form clientscope:eqversion:5.x

Trust: 0.6

vendor:hitachimodel:eur form servicescope:eqversion:5.x

Trust: 0.6

vendor:hitachimodel:eur professional edition form optionscope:eqversion:-5.x

Trust: 0.6

vendor:hitachimodel:ucosminexus eur developerscope:eqversion:8.x

Trust: 0.6

vendor:hitachimodel:ucosminexus eur form control developer's kitscope:eqversion:-5.x

Trust: 0.6

vendor:hitachimodel:ucosminexus eur form control runtimescope:eqversion:-5.x

Trust: 0.6

vendor:hitachimodel:ucosminexus eur form servicescope:eqversion:7.x

Trust: 0.6

vendor:hitachimodel:ucosminexus eur form servicescope:eqversion:0

Trust: 0.3

vendor:hitachimodel:ucosminexus eur form control runtimescope:eqversion:-0

Trust: 0.3

vendor:hitachimodel:ucosminexus eur form control developer's kitscope:eqversion:-0

Trust: 0.3

vendor:hitachimodel:ucosminexus eur developerscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:eur professional edition form optionscope:eqversion:-0

Trust: 0.3

vendor:hitachimodel:eur professional editionscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:eur form servicescope:eqversion:0

Trust: 0.3

vendor:hitachimodel:eur form clientscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2010-0897 // BID: 40216 // JVNDB: JVNDB-2010-001395

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2010-001395
value: HIGH

Trust: 0.8

IPA: JVNDB-2010-001395
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2010-001395

THREAT TYPE

network

Trust: 0.3

sources: BID: 40216

TYPE

Unknown

Trust: 0.3

sources: BID: 40216

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001395

PATCH
title:HS10-003url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs10-003/index.html
Trust: 0.8
title:Hitachi EUR product code execution patchurl:https://www.cnvd.org.cn/patchinfo/show/408
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2010-0897 // 
            
            
            
            JVNDB: JVNDB-2010-001395

EXTERNAL IDS
db:HITACHIid:HS10-003
Trust: 1.0
db:JVNDBid:JVNDB-2010-001395
Trust: 0.9
db:CNVDid:CNVD-2010-0897
Trust: 0.6
db:BIDid:40216
Trust: 0.3
db:SECUNIAid:39855
Trust: 0.3
db:PACKETSTORMid:89615
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-0897 // 
            
            
            
            BID: 40216 // 
            
            
            
            JVNDB: JVNDB-2010-001395 // 
            
            
            
            PACKETSTORM: 89615

REFERENCES
url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-003/index.htmlhttp
Trust: 0.6
url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-003/index.html
Trust: 0.4
url:http://www.hitachi.com/index.html
Trust: 0.3
url:http://secunia.com/company/jobs/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://jvndb.jvn.jp/en/contents/2010/jvndb-2010-001395.html
Trust: 0.1
url:http://secunia.com/advisories/39855/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-0897 // 
            
            
            
            BID: 40216 // 
            
            
            
            PACKETSTORM: 89615

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 40216

SOURCES
db:CNVDid:CNVD-2010-0897
db:BIDid:40216
db:JVNDBid:JVNDB-2010-001395
db:PACKETSTORMid:89615

LAST UPDATE DATE
2022-05-17T01:45:44.666000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-0897date:2010-05-19T00:00:00
db:BIDid:40216date:2010-04-28T00:00:00
db:JVNDBid:JVNDB-2010-001395date:2010-05-18T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-0897date:2010-05-19T00:00:00
db:BIDid:40216date:2010-04-28T00:00:00
db:JVNDBid:JVNDB-2010-001395date:2010-05-18T00:00:00
db:PACKETSTORMid:89615date:2010-05-18T15:00:28