Details of VAR-201812-0469

ID

VAR-201812-0469

CVE

CVE-2018-19005

TITLE

Horner Automation Cscape CSP File Parsing Memory Corruption Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-1436 // ZDI: ZDI-18-1443

DESCRIPTION

Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute arbitrary code. Cscape Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. Failed exploit attempts will result in a denial-of-service condition

Trust: 8.82

sources: NVD: CVE-2018-19005 // JVNDB: JVNDB-2018-013199 // ZDI: ZDI-18-1436 // ZDI: ZDI-18-1443 // ZDI: ZDI-18-1442 // ZDI: ZDI-18-1437 // ZDI: ZDI-18-1441 // ZDI: ZDI-18-1434 // ZDI: ZDI-18-1444 // ZDI: ZDI-18-1440 // ZDI: ZDI-18-1439 // ZDI: ZDI-18-1438 // ZDI: ZDI-18-1435 // BID: 106275

AFFECTED PRODUCTS

vendor:	horner automation	model:	cscape	scope:	-	version:	-	Trust: 7.7
vendor:	hornerautomation	model:	cscape	scope:	eq	version:	9.80.75.3	Trust: 1.6
vendor:	hornerautomation	model:	cscape	scope:	lt	version:	9.80.75.3	Trust: 1.0
vendor:	horner automation	model:	cscape	scope:	lte	version:	9.80.75.3 sp3	Trust: 0.8
vendor:	horner	model:	automation cscape sp3	scope:	eq	version:	9.80.75.3	Trust: 0.3
vendor:	horner	model:	automation cscape	scope:	eq	version:	9.80.75.3	Trust: 0.3
vendor:	horner	model:	automation cscape	scope:	eq	version:	9.3	Trust: 0.3
vendor:	horner	model:	automation cscape	scope:	eq	version:	9.0	Trust: 0.3
vendor:	horner	model:	automation cscape	scope:	eq	version:	8.0	Trust: 0.3
vendor:	horner	model:	automation cscape	scope:	eq	version:	4	Trust: 0.3
vendor:	horner	model:	automation cscape sp4	scope:	ne	version:	9.80	Trust: 0.3

sources: ZDI: ZDI-18-1436 // ZDI: ZDI-18-1443 // ZDI: ZDI-18-1442 // ZDI: ZDI-18-1437 // ZDI: ZDI-18-1441 // ZDI: ZDI-18-1434 // ZDI: ZDI-18-1444 // ZDI: ZDI-18-1440 // ZDI: ZDI-18-1439 // ZDI: ZDI-18-1438 // ZDI: ZDI-18-1435 // BID: 106275 // JVNDB: JVNDB-2018-013199 // CNNVD: CNNVD-201812-961 // NVD: CVE-2018-19005

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-19005
value:	MEDIUM
Trust: 6.3
ZDI:	CVE-2018-19005
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2018-19005
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-19005
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201812-961
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-19005
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 7.4
ZDI:	CVE-2018-19005
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.4
ZDI:	CVE-2018-19005
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7

nvd@nist.gov:	CVE-2018-19005
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-18-1436 // ZDI: ZDI-18-1443 // ZDI: ZDI-18-1442 // ZDI: ZDI-18-1437 // ZDI: ZDI-18-1441 // ZDI: ZDI-18-1434 // ZDI: ZDI-18-1444 // ZDI: ZDI-18-1440 // ZDI: ZDI-18-1439 // ZDI: ZDI-18-1438 // ZDI: ZDI-18-1435 // JVNDB: JVNDB-2018-013199 // CNNVD: CNNVD-201812-961 // NVD: CVE-2018-19005

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2018-013199 // NVD: CVE-2018-19005

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-961

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 106275 // CNNVD: CNNVD-201812-961

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013199

PATCH

title:	Horner Automation has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01	Trust: 7.7
title:	Cscape	url:	http://www.horner-apg.com/en/products/software/cscape.aspx	Trust: 0.8
title:	Horner Automation Cscape Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88118	Trust: 0.6

sources: ZDI: ZDI-18-1436 // ZDI: ZDI-18-1443 // ZDI: ZDI-18-1442 // ZDI: ZDI-18-1437 // ZDI: ZDI-18-1441 // ZDI: ZDI-18-1434 // ZDI: ZDI-18-1444 // ZDI: ZDI-18-1440 // ZDI: ZDI-18-1439 // ZDI: ZDI-18-1438 // ZDI: ZDI-18-1435 // JVNDB: JVNDB-2018-013199 // CNNVD: CNNVD-201812-961

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19005	Trust: 10.4
db:	ICS CERT	id:	ICSA-18-354-01	Trust: 2.7
db:	BID	id:	106275	Trust: 1.9
db:	JVNDB	id:	JVNDB-2018-013199	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6409	Trust: 0.7
db:	ZDI	id:	ZDI-18-1436	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6432	Trust: 0.7
db:	ZDI	id:	ZDI-18-1443	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6431	Trust: 0.7
db:	ZDI	id:	ZDI-18-1442	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6410	Trust: 0.7
db:	ZDI	id:	ZDI-18-1437	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6430	Trust: 0.7
db:	ZDI	id:	ZDI-18-1441	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6407	Trust: 0.7
db:	ZDI	id:	ZDI-18-1434	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6433	Trust: 0.7
db:	ZDI	id:	ZDI-18-1444	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6413	Trust: 0.7
db:	ZDI	id:	ZDI-18-1440	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6412	Trust: 0.7
db:	ZDI	id:	ZDI-18-1439	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6411	Trust: 0.7
db:	ZDI	id:	ZDI-18-1438	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6408	Trust: 0.7
db:	ZDI	id:	ZDI-18-1435	Trust: 0.7
db:	CNNVD	id:	CNNVD-201812-961	Trust: 0.6

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-354-01	Trust: 10.4
url:	http://www.securityfocus.com/bid/106275	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19005	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19005	Trust: 0.8
url:	https://hornerautomation.com/cscape-software/	Trust: 0.3
url:	https://hornerautomation.com/	Trust: 0.3

CREDITS

rgod and mdm of 9SG Security Team

Trust: 4.9

sources: ZDI: ZDI-18-1436 // ZDI: ZDI-18-1437 // ZDI: ZDI-18-1434 // ZDI: ZDI-18-1440 // ZDI: ZDI-18-1439 // ZDI: ZDI-18-1438 // ZDI: ZDI-18-1435

SOURCES

db:	ZDI	id:	ZDI-18-1436
db:	ZDI	id:	ZDI-18-1443
db:	ZDI	id:	ZDI-18-1442
db:	ZDI	id:	ZDI-18-1437
db:	ZDI	id:	ZDI-18-1441
db:	ZDI	id:	ZDI-18-1434
db:	ZDI	id:	ZDI-18-1444
db:	ZDI	id:	ZDI-18-1440
db:	ZDI	id:	ZDI-18-1439
db:	ZDI	id:	ZDI-18-1438
db:	ZDI	id:	ZDI-18-1435
db:	BID	id:	106275
db:	JVNDB	id:	JVNDB-2018-013199
db:	CNNVD	id:	CNNVD-201812-961
db:	NVD	id:	CVE-2018-19005

LAST UPDATE DATE

2024-08-14T15:12:58.463000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1436	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1443	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1442	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1437	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1441	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1434	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1444	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1440	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1439	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1438	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1435	date:	2019-01-02T00:00:00
db:	BID	id:	106275	date:	2018-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-013199	date:	2019-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201812-961	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-19005	date:	2019-10-09T23:37:35.287

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-1436	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1443	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1442	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1437	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1441	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1434	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1444	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1440	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1439	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1438	date:	2019-01-02T00:00:00
db:	ZDI	id:	ZDI-18-1435	date:	2019-01-02T00:00:00
db:	BID	id:	106275	date:	2018-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-013199	date:	2019-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201812-961	date:	2018-12-21T00:00:00
db:	NVD	id:	CVE-2018-19005	date:	2018-12-20T21:29:00.883