ID

VAR-201811-0098


CVE

CVE-2018-17905


TITLE

Multiple vulnerabilities in OMRON CX-Supervisor

Trust: 0.8

sources: JVNDB: JVNDB-2018-008493

DESCRIPTION

When Omron CX-Supervisor versions 3.4.1.0 and prior process a project file in which a specific byte has been tampered with, memory corruption may occur within a specific object.

CX-Supervisor, provided by OMRON Corporation, contains the following vulnerabilities:

* Buffer overflow (CWE-119) - CVE-2018-17905: processing a specially crafted project file causes memory corruption.
* Out-of-bounds read (CWE-125) - CVE-2018-17907: processing a specially crafted project file reads values outside the bounds of an array.
* Use after free (CWE-416) - CVE-2018-17909: processing arbitrary crafted project files results in arbitrary code execution.
* Incorrect type conversion or cast (CWE-704) - CVE-2018-17913: processing arbitrary crafted project files results in arbitrary code execution.

A remote attacker could execute arbitrary code.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process.

Omron CX-Supervisor is prone to the following security vulnerabilities:

1. Multiple remote code-execution vulnerabilities
2. A memory-corruption vulnerability
3.

Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan. A buffer error vulnerability exists in Omron CX-Supervisor 3.4.1.0 and earlier.

Trust: 2.61

sources: NVD: CVE-2018-17905 // JVNDB: JVNDB-2018-008493 // ZDI: ZDI-18-1287 // BID: 105691 // VULHUB: VHN-128411

AFFECTED PRODUCTS

vendor: omron, model: cx-supervisor, scope: lte, version: 3.4.1.0

Trust: 1.0

vendor: omron, model: cx-supervisor, scope: lte, version: version 3.4.1

Trust: 0.8

vendor: omron, model: cx-supervisor, scope: -, version: -

Trust: 0.7

vendor: omron, model: cx-supervisor, scope: eq, version: 3.4.1.0

Trust: 0.6

vendor: omron, model: cx-supervisor, scope: eq, version: 3.4.1

Trust: 0.3

vendor: omron, model: cx-supervisor, scope: ne, version: 3.4.2

Trust: 0.3

sources: ZDI: ZDI-18-1287 // BID: 105691 // JVNDB: JVNDB-2018-008493 // CNNVD: CNNVD-201810-1023 // NVD: CVE-2018-17905

CVSS

SEVERITY

CVSSV2

CVSSV3

JPCERT/CC: JVNDB-2018-008493
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-17905
value: HIGH

Trust: 1.0

JPCERT/CC: JVNDB-2018-008493
value: HIGH

Trust: 0.8

JPCERT/CC: JVNDB-2018-008493
value: LOW

Trust: 0.8

ZDI: CVE-2018-17905
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201810-1023
value: HIGH

Trust: 0.6

VULHUB: VHN-128411
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-17905
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.7

JPCERT/CC: JVNDB-2018-008493
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

JPCERT/CC: JVNDB-2018-008493
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

JPCERT/CC: JVNDB-2018-008493
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-128411
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

JPCERT/CC: JVNDB-2018-008493
baseSeverity: MEDIUM
baseScore: 4.5
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2018-17905
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

JPCERT/CC: JVNDB-2018-008493
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

JPCERT/CC: JVNDB-2018-008493
baseSeverity: LOW
baseScore: 2.5
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-18-1287 // VULHUB: VHN-128411 // JVNDB: JVNDB-2018-008493 // JVNDB: JVNDB-2018-008493 // JVNDB: JVNDB-2018-008493 // JVNDB: JVNDB-2018-008493 // CNNVD: CNNVD-201810-1023 // NVD: CVE-2018-17905

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-128411 // NVD: CVE-2018-17905

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1023

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1023

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008493

PATCH

title: Release Notes For CX-Supervisor 3.4.2
url: https://www.myomron.com/index.php?article=1709&action=kb

Trust: 0.8

title: OMRON has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01

Trust: 0.7

title: Omron CX-Supervisor Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86087

Trust: 0.6

sources: ZDI: ZDI-18-1287 // JVNDB: JVNDB-2018-008493 // CNNVD: CNNVD-201810-1023

EXTERNAL IDS

db: NVD, id: CVE-2018-17905

Trust: 3.5

db: ICS CERT, id: ICSA-18-290-01

Trust: 2.8

db: BID, id: 105691

Trust: 2.0

db: JVN, id: JVNVU99213938

Trust: 0.8

db: JVNDB, id: JVNDB-2018-008493

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-6401

Trust: 0.7

db: ZDI, id: ZDI-18-1287

Trust: 0.7

db: CNNVD, id: CNNVD-201810-1023

Trust: 0.7

db: VULHUB, id: VHN-128411

Trust: 0.1

sources: ZDI: ZDI-18-1287 // VULHUB: VHN-128411 // BID: 105691 // JVNDB: JVNDB-2018-008493 // CNNVD: CNNVD-201810-1023 // NVD: CVE-2018-17905

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-290-01

Trust: 2.7

url:http://www.securityfocus.com/bid/105691

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17909

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17913

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17905

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17907

Trust: 0.8

url:http://www.us-cert.gov/control_systems/pdf/icsa-18-290-01.pdf

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99213938/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-17905

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-17907

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-17909

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-17913

Trust: 0.8

url:https://industrial.omron.eu/

Trust: 0.3

sources: ZDI: ZDI-18-1287 // VULHUB: VHN-128411 // BID: 105691 // JVNDB: JVNDB-2018-008493 // CNNVD: CNNVD-201810-1023 // NVD: CVE-2018-17905

CREDITS

b0nd @garage4hackers

Trust: 0.7

sources: ZDI: ZDI-18-1287

SOURCES

db: ZDI, id: ZDI-18-1287
db: VULHUB, id: VHN-128411
db: BID, id: 105691
db: JVNDB, id: JVNDB-2018-008493
db: CNNVD, id: CNNVD-201810-1023
db: NVD, id: CVE-2018-17905

LAST UPDATE DATE

2024-11-23T21:38:03.120000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-18-1287, date: 2018-10-17T00:00:00
db: VULHUB, id: VHN-128411, date: 2019-10-09T00:00:00
db: BID, id: 105691, date: 2018-10-17T00:00:00
db: JVNDB, id: JVNDB-2018-008493, date: 2019-07-26T00:00:00
db: CNNVD, id: CNNVD-201810-1023, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-17905, date: 2024-11-21T03:55:10.790

SOURCES RELEASE DATE

db: ZDI, id: ZDI-18-1287, date: 2018-10-17T00:00:00
db: VULHUB, id: VHN-128411, date: 2018-11-05T00:00:00
db: BID, id: 105691, date: 2018-10-17T00:00:00
db: JVNDB, id: JVNDB-2018-008493, date: 2018-10-19T00:00:00
db: CNNVD, id: CNNVD-201810-1023, date: 2018-10-18T00:00:00
db: NVD, id: CVE-2018-17905, date: 2018-11-05T23:29:00.223