Details of VAR-201811-0103

ID

VAR-201811-0103

CVE

CVE-2018-17913

TITLE

OMRON CX-Supervisor Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2018-008493

DESCRIPTION

A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of SCS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. Multiple remote code-execution vulnerabilities 2. A memory-corruption vulnerability 3. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

Trust: 3.24

sources: NVD: CVE-2018-17913 // JVNDB: JVNDB-2018-008493 // ZDI: ZDI-18-1286 // ZDI: ZDI-18-1289 // BID: 105691 // VULHUB: VHN-128420

AFFECTED PRODUCTS

vendor:	omron	model:	cx-supervisor	scope:	-	version:	-	Trust: 1.4
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	3.4.1.0	Trust: 1.0
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	version 3.4.1	Trust: 0.8
vendor:	omron	model:	cx-supervisor	scope:	eq	version:	3.4.1.0	Trust: 0.6
vendor:	omron	model:	cx-supervisor	scope:	eq	version:	3.4.1	Trust: 0.3
vendor:	omron	model:	cx-supervisor	scope:	ne	version:	3.4.2	Trust: 0.3

sources: ZDI: ZDI-18-1286 // ZDI: ZDI-18-1289 // BID: 105691 // JVNDB: JVNDB-2018-008493 // CNNVD: CNNVD-201810-1026 // NVD: CVE-2018-17913

CVSS

SEVERITY

CVSSV2

CVSSV3

JPCERT/CC:	JVNDB-2018-008493
value:	MEDIUM
Trust: 1.6
nvd@nist.gov:	CVE-2018-17913
value:	HIGH
Trust: 1.0
JPCERT/CC:	JVNDB-2018-008493
value:	HIGH
Trust: 0.8
JPCERT/CC:	JVNDB-2018-008493
value:	LOW
Trust: 0.8
ZDI:	CVE-2018-17913
value:	MEDIUM
Trust: 0.7
ZDI:	CVE-2018-17913
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201810-1026
value:	HIGH
Trust: 0.6
VULHUB:	VHN-128420
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-17913
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.7
JPCERT/CC:	JVNDB-2018-008493
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.6
JPCERT/CC:	JVNDB-2018-008493
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
JPCERT/CC:	JVNDB-2018-008493
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-128420
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

JPCERT/CC:	JVNDB-2018-008493
baseSeverity:	MEDIUM
baseScore:	4.5
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 1.6
nvd@nist.gov:	CVE-2018-17913
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0
JPCERT/CC:	JVNDB-2018-008493
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
JPCERT/CC:	JVNDB-2018-008493
baseSeverity:	LOW
baseScore:	2.5
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2018-17913
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-18-1286 // ZDI: ZDI-18-1289 // VULHUB: VHN-128420 // JVNDB: JVNDB-2018-008493 // JVNDB: JVNDB-2018-008493 // JVNDB: JVNDB-2018-008493 // JVNDB: JVNDB-2018-008493 // CNNVD: CNNVD-201810-1026 // NVD: CVE-2018-17913

PROBLEMTYPE DATA

problemtype:

CWE-704

Trust: 1.1

sources: VULHUB: VHN-128420 // NVD: CVE-2018-17913

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1026

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-1026

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008493

PATCH

title:	OMRON has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01	Trust: 1.4
title:	Release Notes For CX-Supervisor 3.4.2	url:	https://www.myomron.com/index.php?article=1709&action=kb	Trust: 0.8
title:	Omron CX-Supervisor Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86090	Trust: 0.6

sources: ZDI: ZDI-18-1286 // ZDI: ZDI-18-1289 // JVNDB: JVNDB-2018-008493 // CNNVD: CNNVD-201810-1026

EXTERNAL IDS

db:	NVD	id:	CVE-2018-17913	Trust: 4.2
db:	ICS CERT	id:	ICSA-18-290-01	Trust: 2.8
db:	BID	id:	105691	Trust: 2.0
db:	JVN	id:	JVNVU99213938	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-008493	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6418	Trust: 0.7
db:	ZDI	id:	ZDI-18-1286	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6612	Trust: 0.7
db:	ZDI	id:	ZDI-18-1289	Trust: 0.7
db:	CNNVD	id:	CNNVD-201810-1026	Trust: 0.7
db:	VULHUB	id:	VHN-128420	Trust: 0.1

sources: ZDI: ZDI-18-1286 // ZDI: ZDI-18-1289 // VULHUB: VHN-128420 // BID: 105691 // JVNDB: JVNDB-2018-008493 // CNNVD: CNNVD-201810-1026 // NVD: CVE-2018-17913

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-290-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/105691	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17909	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17913	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17905	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17907	Trust: 0.8
url:	http://www.us-cert.gov/control_systems/pdf/icsa-18-290-01.pdf	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99213938/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17905	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17907	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17909	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17913	Trust: 0.8
url:	https://industrial.omron.eu/	Trust: 0.3

sources: ZDI: ZDI-18-1286 // ZDI: ZDI-18-1289 // VULHUB: VHN-128420 // BID: 105691 // JVNDB: JVNDB-2018-008493 // CNNVD: CNNVD-201810-1026 // NVD: CVE-2018-17913

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-18-1286

SOURCES

db:	ZDI	id:	ZDI-18-1286
db:	ZDI	id:	ZDI-18-1289
db:	VULHUB	id:	VHN-128420
db:	BID	id:	105691
db:	JVNDB	id:	JVNDB-2018-008493
db:	CNNVD	id:	CNNVD-201810-1026
db:	NVD	id:	CVE-2018-17913

LAST UPDATE DATE

2024-11-23T21:38:03.156000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1286	date:	2018-10-17T00:00:00
db:	ZDI	id:	ZDI-18-1289	date:	2018-10-17T00:00:00
db:	VULHUB	id:	VHN-128420	date:	2019-10-09T00:00:00
db:	BID	id:	105691	date:	2018-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-008493	date:	2019-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201810-1026	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-17913	date:	2024-11-21T03:55:11.767

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-1286	date:	2018-10-17T00:00:00
db:	ZDI	id:	ZDI-18-1289	date:	2018-10-17T00:00:00
db:	VULHUB	id:	VHN-128420	date:	2018-11-05T00:00:00
db:	BID	id:	105691	date:	2018-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-008493	date:	2018-10-19T00:00:00
db:	CNNVD	id:	CNNVD-201810-1026	date:	2018-10-18T00:00:00
db:	NVD	id:	CVE-2018-17913	date:	2018-11-05T23:29:00.347