Details of VAR-201803-2215

ID

VAR-201803-2215

CVE

CVE-2018-7523

TITLE

OMRON CX-Supervisor Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2018-001951

DESCRIPTION

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * * Stack-based buffer overflow (CWE-121) - CVE-2018-7513 ∙ Stack-based buffer overflow may occur due to processing of specially crafted project files. * * Uninitialized pointer access (CWE-824) - CVE-2018-7515 There is a possibility of accessing an uninitialized pointer due to the processing of a specially crafted packet. * * Write outside memory boundary (CWE-787) - CVE-2018-7517 ∙ There is a possibility of writing outside the memory boundary due to processing of a specially crafted project file. * * Heap-based buffer overflow (CWE-122) - CVE-2018-7519 ∙ A heap-based buffer overflow may occur due to processing of a specially crafted project file. * * Untrusted pointer reference (CWE-822) - CVE-2018-7525 There is a possibility of referring to untrusted pointers due to processing of specially crafted packets.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SCS project files. When parsing a malformed scatter chart object, the process does not properly validate the existence of an object prior to performing operations on it. An attacker can leverage this vulnerability to execute code under the context of the current process. CX-Supervisor is a Miscellaneous Shareware software. CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Omron CX-Supervisor Versions 3.30 and prior are vulnerable; other versions may also be affected. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

Trust: 3.33

sources: NVD: CVE-2018-7523 // JVNDB: JVNDB-2018-001951 // ZDI: ZDI-18-254 // CNVD: CNVD-2018-05319 // BID: 103394 // IVD: e2e6acee-39ab-11e9-a49b-000c29342cb1 // VULHUB: VHN-137555

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e6acee-39ab-11e9-a49b-000c29342cb1 // CNVD: CNVD-2018-05319

AFFECTED PRODUCTS

vendor:	omron	model:	cx-supervisor	scope:	lte	version:	3.30	Trust: 1.0
vendor:	omron	model:	cx-supervisor	scope:	eq	version:	3.30	Trust: 0.9
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	version 3.30	Trust: 0.8
vendor:	omron	model:	cx-supervisor	scope:	-	version:	-	Trust: 0.7
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	<=3.30	Trust: 0.6
vendor:	omron	model:	cx-supervisor	scope:	ne	version:	3.4.1	Trust: 0.3
vendor:	cx supervisor	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e6acee-39ab-11e9-a49b-000c29342cb1 // ZDI: ZDI-18-254 // CNVD: CNVD-2018-05319 // BID: 103394 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-654 // NVD: CVE-2018-7523

CVSS

SEVERITY

CVSSV2

CVSSV3

JPCERT/CC:	JVNDB-2018-001951
value:	MEDIUM
Trust: 5.6
nvd@nist.gov:	CVE-2018-7523
value:	MEDIUM
Trust: 1.0
ZDI:	CVE-2018-7523
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2018-05319
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201803-654
value:	MEDIUM
Trust: 0.6
IVD:	e2e6acee-39ab-11e9-a49b-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-137555
value:	MEDIUM
Trust: 0.1

JPCERT/CC:	JVNDB-2018-001951
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 5.6
nvd@nist.gov:	CVE-2018-7523
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
ZDI:	CVE-2018-7523
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-05319
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e6acee-39ab-11e9-a49b-000c29342cb1
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-137555
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

JPCERT/CC:	JVNDB-2018-001951
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 5.6
nvd@nist.gov:	CVE-2018-7523
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.0
Trust: 1.0

sources: IVD: e2e6acee-39ab-11e9-a49b-000c29342cb1 // ZDI: ZDI-18-254 // CNVD: CNVD-2018-05319 // VULHUB: VHN-137555 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-654 // NVD: CVE-2018-7523

PROBLEMTYPE DATA

problemtype:	CWE-415	Trust: 1.9
problemtype:	CWE-121	Trust: 0.8
problemtype:	CWE-122	Trust: 0.8
problemtype:	CWE-416	Trust: 0.8
problemtype:	CWE-787	Trust: 0.8
problemtype:	CWE-824	Trust: 0.8
problemtype:	CWE-822	Trust: 0.8

sources: VULHUB: VHN-137555 // JVNDB: JVNDB-2018-001951 // NVD: CVE-2018-7523

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-654

TYPE

Resource management error

Trust: 0.8

sources: IVD: e2e6acee-39ab-11e9-a49b-000c29342cb1 // CNNVD: CNNVD-201803-654

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001951

PATCH

title:	Release Notes For CX-Supervisor 3.4.1	url:	https://www.myomron.com/index.php?action=kb&article=1707	Trust: 0.8
title:	OMRON has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01	Trust: 0.7
title:	Omron CX-Supervisor has an unspecified vulnerability (CNVD-2018-05319) patch	url:	https://www.cnvd.org.cn/patchInfo/show/121541	Trust: 0.6
title:	Omron CX-Supervisor Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79273	Trust: 0.6

sources: ZDI: ZDI-18-254 // CNVD: CNVD-2018-05319 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-654

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7523	Trust: 4.3
db:	ICS CERT	id:	ICSA-18-072-01	Trust: 3.4
db:	BID	id:	103394	Trust: 2.0
db:	CNNVD	id:	CNNVD-201803-654	Trust: 0.9
db:	CNVD	id:	CNVD-2018-05319	Trust: 0.8
db:	JVN	id:	JVNVU95051832	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-001951	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5303	Trust: 0.7
db:	ZDI	id:	ZDI-18-254	Trust: 0.7
db:	IVD	id:	E2E6ACEE-39AB-11E9-A49B-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-137555	Trust: 0.1

sources: IVD: e2e6acee-39ab-11e9-a49b-000c29342cb1 // ZDI: ZDI-18-254 // CNVD: CNVD-2018-05319 // VULHUB: VHN-137555 // BID: 103394 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-654 // NVD: CVE-2018-7523

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-072-01	Trust: 4.1
url:	http://www.securityfocus.com/bid/103394	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7517	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7519	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7521	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7523	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7525	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7513	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7515	Trust: 0.8
url:	https://ics-cert.us-cert.gov/recommended-practices	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu95051832/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7515	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7517	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7519	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7521	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7523	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7525	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7513	Trust: 0.8
url:	https://industrial.omron.eu/	Trust: 0.3

sources: ZDI: ZDI-18-254 // CNVD: CNVD-2018-05319 // VULHUB: VHN-137555 // BID: 103394 // JVNDB: JVNDB-2018-001951 // CNNVD: CNNVD-201803-654 // NVD: CVE-2018-7523

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-18-254

SOURCES

db:	IVD	id:	e2e6acee-39ab-11e9-a49b-000c29342cb1
db:	ZDI	id:	ZDI-18-254
db:	CNVD	id:	CNVD-2018-05319
db:	VULHUB	id:	VHN-137555
db:	BID	id:	103394
db:	JVNDB	id:	JVNDB-2018-001951
db:	CNNVD	id:	CNNVD-201803-654
db:	NVD	id:	CVE-2018-7523

LAST UPDATE DATE

2024-11-23T21:39:28.696000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-254	date:	2018-03-23T00:00:00
db:	CNVD	id:	CNVD-2018-05319	date:	2018-03-15T00:00:00
db:	VULHUB	id:	VHN-137555	date:	2019-10-09T00:00:00
db:	BID	id:	103394	date:	2018-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-001951	date:	2018-08-22T00:00:00
db:	CNNVD	id:	CNNVD-201803-654	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-7523	date:	2024-11-21T04:12:17.610

SOURCES RELEASE DATE

db:	IVD	id:	e2e6acee-39ab-11e9-a49b-000c29342cb1	date:	2018-03-15T00:00:00
db:	ZDI	id:	ZDI-18-254	date:	2018-03-23T00:00:00
db:	CNVD	id:	CNVD-2018-05319	date:	2018-03-15T00:00:00
db:	VULHUB	id:	VHN-137555	date:	2018-03-21T00:00:00
db:	BID	id:	103394	date:	2018-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-001951	date:	2018-03-16T00:00:00
db:	CNNVD	id:	CNNVD-201803-654	date:	2018-03-19T00:00:00
db:	NVD	id:	CVE-2018-7523	date:	2018-03-21T20:29:01.340