Details of VAR-201803-2208

ID

VAR-201803-2208

CVE

CVE-2018-7513

TITLE

Omron CX-Supervisor Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: e2e610b1-39ab-11e9-a998-000c29342cb1 // CNVD: CNVD-2018-05313

DESCRIPTION

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow. * * Uninitialized pointer access (CWE-824) - CVE-2018-7515 There is a possibility of accessing an uninitialized pointer due to the processing of a specially crafted packet. * * Write outside memory boundary (CWE-787) - CVE-2018-7517 ∙ There is a possibility of writing outside the memory boundary due to processing of a specially crafted project file. * * Freed memory used (CWE-416) - CVE-2018-7521 This is a vulnerability in the use of released memory due to processing of specially crafted project files. * * Memory double release (CWE-415) - CVE-2018-7523 This is a memory double release vulnerability caused by processing of specially crafted project files. * * Untrusted pointer reference (CWE-822) - CVE-2018-7525 There is a possibility of referring to untrusted pointers due to processing of specially crafted packets.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SCS project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. CX-Supervisor is a Miscellaneous Shareware software. CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. A buffer overflow vulnerability exists in Omron CX-Supervisor 3.30 and earlier. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Omron CX-Supervisor Versions 3.30 and prior are vulnerable; other versions may also be affected. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

Trust: 3.33

sources: NVD: CVE-2018-7513 // JVNDB: JVNDB-2018-001951 // ZDI: ZDI-18-250 // CNVD: CNVD-2018-05313 // BID: 103394 // IVD: e2e610b1-39ab-11e9-a998-000c29342cb1 // VULHUB: VHN-137545

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e610b1-39ab-11e9-a998-000c29342cb1 // CNVD: CNVD-2018-05313

AFFECTED PRODUCTS

vendor:	omron	model:	cx-supervisor	scope:	lte	version:	3.30	Trust: 1.0
vendor:	omron	model:	cx-supervisor	scope:	eq	version:	3.30	Trust: 0.9
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	version 3.30	Trust: 0.8
vendor:	omron	model:	cx-supervisor	scope:	-	version:	-	Trust: 0.7
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	<=3.30	Trust: 0.6
vendor:	omron	model:	cx-supervisor	scope:	ne	version:	3.4.1	Trust: 0.3
vendor:	cx supervisor	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e610b1-39ab-11e9-a998-000c29342cb1 // ZDI: ZDI-18-250 // CNVD: CNVD-2018-05313 // BID: 103394 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-651 // NVD: CVE-2018-7513

CVSS

SEVERITY

CVSSV2

CVSSV3

JPCERT/CC:	JVNDB-2018-001951
value:	MEDIUM
Trust: 5.6
nvd@nist.gov:	CVE-2018-7513
value:	MEDIUM
Trust: 1.0
ZDI:	CVE-2018-7513
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2018-05313
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201803-651
value:	MEDIUM
Trust: 0.6
IVD:	e2e610b1-39ab-11e9-a998-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-137545
value:	MEDIUM
Trust: 0.1

JPCERT/CC:	JVNDB-2018-001951
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 5.6
nvd@nist.gov:	CVE-2018-7513
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
ZDI:	CVE-2018-7513
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-05313
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e610b1-39ab-11e9-a998-000c29342cb1
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-137545
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

JPCERT/CC:	JVNDB-2018-001951
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 5.6
nvd@nist.gov:	CVE-2018-7513
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.1
Trust: 1.0

sources: IVD: e2e610b1-39ab-11e9-a998-000c29342cb1 // ZDI: ZDI-18-250 // CNVD: CNVD-2018-05313 // VULHUB: VHN-137545 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-651 // NVD: CVE-2018-7513

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.9
problemtype:	CWE-121	Trust: 1.8
problemtype:	CWE-122	Trust: 0.8
problemtype:	CWE-416	Trust: 0.8
problemtype:	CWE-824	Trust: 0.8
problemtype:	CWE-822	Trust: 0.8
problemtype:	CWE-415	Trust: 0.8
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-137545 // JVNDB: JVNDB-2018-001951 // NVD: CVE-2018-7513

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-651

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2e610b1-39ab-11e9-a998-000c29342cb1 // CNNVD: CNNVD-201803-651

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001951

PATCH

title:	Release Notes For CX-Supervisor 3.4.1	url:	https://www.myomron.com/index.php?action=kb&article=1707	Trust: 0.8
title:	OMRON has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01	Trust: 0.7
title:	Patch for Omron CX-Supervisor Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/121525	Trust: 0.6
title:	Omron CX-Supervisor Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79270	Trust: 0.6

sources: ZDI: ZDI-18-250 // CNVD: CNVD-2018-05313 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-651

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7513	Trust: 4.3
db:	ICS CERT	id:	ICSA-18-072-01	Trust: 3.4
db:	BID	id:	103394	Trust: 2.0
db:	CNNVD	id:	CNNVD-201803-651	Trust: 0.9
db:	CNVD	id:	CNVD-2018-05313	Trust: 0.8
db:	JVN	id:	JVNVU95051832	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-001951	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5299	Trust: 0.7
db:	ZDI	id:	ZDI-18-250	Trust: 0.7
db:	IVD	id:	E2E610B1-39AB-11E9-A998-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-137545	Trust: 0.1

sources: IVD: e2e610b1-39ab-11e9-a998-000c29342cb1 // ZDI: ZDI-18-250 // CNVD: CNVD-2018-05313 // VULHUB: VHN-137545 // BID: 103394 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-651 // NVD: CVE-2018-7513

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-072-01	Trust: 4.1
url:	http://www.securityfocus.com/bid/103394	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7517	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7519	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7521	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7523	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7525	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7513	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7515	Trust: 0.8
url:	https://ics-cert.us-cert.gov/recommended-practices	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu95051832/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7515	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7517	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7519	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7521	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7523	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7525	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7513	Trust: 0.8
url:	https://industrial.omron.eu/	Trust: 0.3

sources: ZDI: ZDI-18-250 // CNVD: CNVD-2018-05313 // VULHUB: VHN-137545 // BID: 103394 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-651 // NVD: CVE-2018-7513

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-18-250

SOURCES

db:	IVD	id:	e2e610b1-39ab-11e9-a998-000c29342cb1
db:	ZDI	id:	ZDI-18-250
db:	CNVD	id:	CNVD-2018-05313
db:	VULHUB	id:	VHN-137545
db:	BID	id:	103394
db:	JVNDB	id:	JVNDB-2018-001951
db:	CNNVD	id:	CNNVD-201803-651
db:	NVD	id:	CVE-2018-7513

LAST UPDATE DATE

2024-11-23T21:39:28.517000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-250	date:	2018-03-23T00:00:00
db:	CNVD	id:	CNVD-2018-05313	date:	2018-03-15T00:00:00
db:	VULHUB	id:	VHN-137545	date:	2020-10-02T00:00:00
db:	BID	id:	103394	date:	2018-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-001951	date:	2018-08-22T00:00:00
db:	CNNVD	id:	CNNVD-201803-651	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2018-7513	date:	2024-11-21T04:12:16.530

SOURCES RELEASE DATE

db:	IVD	id:	e2e610b1-39ab-11e9-a998-000c29342cb1	date:	2018-03-15T00:00:00
db:	ZDI	id:	ZDI-18-250	date:	2018-03-23T00:00:00
db:	CNVD	id:	CNVD-2018-05313	date:	2018-03-15T00:00:00
db:	VULHUB	id:	VHN-137545	date:	2018-03-21T00:00:00
db:	BID	id:	103394	date:	2018-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-001951	date:	2018-03-16T00:00:00
db:	CNNVD	id:	CNNVD-201803-651	date:	2018-03-19T00:00:00
db:	NVD	id:	CVE-2018-7513	date:	2018-03-21T20:29:01.090