Details of VAR-201803-2212

ID

VAR-201803-2212

CVE

CVE-2018-7519

TITLE

Omron CX-Supervisor Heap Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: e2e637c0-39ab-11e9-a2ae-000c29342cb1 // CNVD: CNVD-2018-05314

DESCRIPTION

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. * * Uninitialized pointer access (CWE-824) - CVE-2018-7515 There is a possibility of accessing an uninitialized pointer due to the processing of a specially crafted packet. * * Write outside memory boundary (CWE-787) - CVE-2018-7517 ∙ There is a possibility of writing outside the memory boundary due to processing of a specially crafted project file. * * Freed memory used (CWE-416) - CVE-2018-7521 This is a vulnerability in the use of released memory due to processing of specially crafted project files. * * Memory double release (CWE-415) - CVE-2018-7523 This is a memory double release vulnerability caused by processing of specially crafted project files. * * Untrusted pointer reference (CWE-822) - CVE-2018-7525 There is a possibility of referring to untrusted pointers due to processing of specially crafted packets.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of SCS project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. CX-Supervisor is a Miscellaneous Shareware software. CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Omron CX-Supervisor Versions 3.30 and prior are vulnerable; other versions may also be affected. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

Trust: 3.33

sources: NVD: CVE-2018-7519 // JVNDB: JVNDB-2018-001951 // ZDI: ZDI-18-261 // CNVD: CNVD-2018-05314 // BID: 103394 // IVD: e2e637c0-39ab-11e9-a2ae-000c29342cb1 // VULHUB: VHN-137551

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e637c0-39ab-11e9-a2ae-000c29342cb1 // CNVD: CNVD-2018-05314

AFFECTED PRODUCTS

vendor:	omron	model:	cx-supervisor	scope:	lte	version:	3.30	Trust: 1.0
vendor:	omron	model:	cx-supervisor	scope:	eq	version:	3.30	Trust: 0.9
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	version 3.30	Trust: 0.8
vendor:	omron	model:	cx-supervisor	scope:	-	version:	-	Trust: 0.7
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	<=3.30	Trust: 0.6
vendor:	omron	model:	cx-supervisor	scope:	ne	version:	3.4.1	Trust: 0.3
vendor:	cx supervisor	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e637c0-39ab-11e9-a2ae-000c29342cb1 // ZDI: ZDI-18-261 // CNVD: CNVD-2018-05314 // BID: 103394 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-657 // NVD: CVE-2018-7519

CVSS

SEVERITY

CVSSV2

CVSSV3

JPCERT/CC:	JVNDB-2018-001951
value:	MEDIUM
Trust: 5.6
nvd@nist.gov:	CVE-2018-7519
value:	MEDIUM
Trust: 1.0
ZDI:	CVE-2018-7519
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2018-05314
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201803-657
value:	MEDIUM
Trust: 0.6
IVD:	e2e637c0-39ab-11e9-a2ae-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-137551
value:	MEDIUM
Trust: 0.1

JPCERT/CC:	JVNDB-2018-001951
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 5.6
nvd@nist.gov:	CVE-2018-7519
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
ZDI:	CVE-2018-7519
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-05314
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e637c0-39ab-11e9-a2ae-000c29342cb1
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-137551
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

JPCERT/CC:	JVNDB-2018-001951
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 5.6
nvd@nist.gov:	CVE-2018-7519
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.1
Trust: 1.0

sources: IVD: e2e637c0-39ab-11e9-a2ae-000c29342cb1 // ZDI: ZDI-18-261 // CNVD: CNVD-2018-05314 // VULHUB: VHN-137551 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-657 // NVD: CVE-2018-7519

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.9
problemtype:	CWE-122	Trust: 1.8
problemtype:	CWE-121	Trust: 0.8
problemtype:	CWE-416	Trust: 0.8
problemtype:	CWE-824	Trust: 0.8
problemtype:	CWE-822	Trust: 0.8
problemtype:	CWE-415	Trust: 0.8
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-137551 // JVNDB: JVNDB-2018-001951 // NVD: CVE-2018-7519

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-657

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2e637c0-39ab-11e9-a2ae-000c29342cb1 // CNNVD: CNNVD-201803-657

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001951

PATCH

title:	Release Notes For CX-Supervisor 3.4.1	url:	https://www.myomron.com/index.php?action=kb&article=1707	Trust: 0.8
title:	OMRON has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01	Trust: 0.7
title:	Omron CX-Supervisor Patch Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/121529	Trust: 0.6
title:	Omron CX-Supervisor Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79276	Trust: 0.6

sources: ZDI: ZDI-18-261 // CNVD: CNVD-2018-05314 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-657

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7519	Trust: 4.3
db:	ICS CERT	id:	ICSA-18-072-01	Trust: 3.4
db:	BID	id:	103394	Trust: 2.0
db:	CNVD	id:	CNVD-2018-05314	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-657	Trust: 0.8
db:	JVN	id:	JVNVU95051832	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-001951	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5384	Trust: 0.7
db:	ZDI	id:	ZDI-18-261	Trust: 0.7
db:	IVD	id:	E2E637C0-39AB-11E9-A2AE-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-137551	Trust: 0.1

sources: IVD: e2e637c0-39ab-11e9-a2ae-000c29342cb1 // ZDI: ZDI-18-261 // CNVD: CNVD-2018-05314 // VULHUB: VHN-137551 // BID: 103394 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-657 // NVD: CVE-2018-7519

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-072-01	Trust: 4.1
url:	http://www.securityfocus.com/bid/103394	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7517	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7519	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7521	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7523	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7525	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7513	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7515	Trust: 0.8
url:	https://ics-cert.us-cert.gov/recommended-practices	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu95051832/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7515	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7517	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7519	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7521	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7523	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7525	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7513	Trust: 0.8
url:	https://industrial.omron.eu/	Trust: 0.3

sources: ZDI: ZDI-18-261 // CNVD: CNVD-2018-05314 // VULHUB: VHN-137551 // BID: 103394 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-657 // NVD: CVE-2018-7519

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-18-261

SOURCES

db:	IVD	id:	e2e637c0-39ab-11e9-a2ae-000c29342cb1
db:	ZDI	id:	ZDI-18-261
db:	CNVD	id:	CNVD-2018-05314
db:	VULHUB	id:	VHN-137551
db:	BID	id:	103394
db:	JVNDB	id:	JVNDB-2018-001951
db:	CNNVD	id:	CNNVD-201803-657
db:	NVD	id:	CVE-2018-7519

LAST UPDATE DATE

2024-11-23T21:39:28.648000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-261	date:	2018-03-23T00:00:00
db:	CNVD	id:	CNVD-2018-05314	date:	2018-03-15T00:00:00
db:	VULHUB	id:	VHN-137551	date:	2020-10-02T00:00:00
db:	BID	id:	103394	date:	2018-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-001951	date:	2018-08-22T00:00:00
db:	CNNVD	id:	CNNVD-201803-657	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2018-7519	date:	2024-11-21T04:12:17.167

SOURCES RELEASE DATE

db:	IVD	id:	e2e637c0-39ab-11e9-a2ae-000c29342cb1	date:	2018-03-15T00:00:00
db:	ZDI	id:	ZDI-18-261	date:	2018-03-23T00:00:00
db:	CNVD	id:	CNVD-2018-05314	date:	2018-03-15T00:00:00
db:	VULHUB	id:	VHN-137551	date:	2018-03-21T00:00:00
db:	BID	id:	103394	date:	2018-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-001951	date:	2018-03-16T00:00:00
db:	CNNVD	id:	CNNVD-201803-657	date:	2018-03-19T00:00:00
db:	NVD	id:	CVE-2018-7519	date:	2018-03-21T20:29:01.247