ID

VAR-201812-0479


CVE

CVE-2018-18993


TITLE

Omron CX-One Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 7d808751-463f-11e9-abf0-000c29342cb1 // CNVD: CNVD-2018-25281

DESCRIPTION

Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Position. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Omron CX-One is an integrated toolkit from Omron of Japan that includes networking, PT, frequency converter, temperature controller, and PLC programming software. CX-Programmer is one of the PLC programming software packages. CX-Server is one of the driver management tools. Omron CX-One is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2

Trust: 4.05

sources: NVD: CVE-2018-18993 // JVNDB: JVNDB-2018-010184 // ZDI: ZDI-18-1368 // ZDI: ZDI-18-1366 // CNVD: CNVD-2018-25281 // BID: 106106 // IVD: 7d808751-463f-11e9-abf0-000c29342cb1 // VULHUB: VHN-129608 // VULMON: CVE-2018-18993

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 7d808751-463f-11e9-abf0-000c29342cb1 // CNVD: CNVD-2018-25281

AFFECTED PRODUCTS

vendor: omron, model: cx-one, scope: -, version: -

Trust: 1.4

vendor: omron, model: cx-one, scope: lte, version: 4.42

Trust: 1.0

vendor: omron, model: cx-programmer, scope: lte, version: 9.66

Trust: 1.0

vendor: omron, model: cx-server, scope: lte, version: 5.0.23

Trust: 1.0

vendor: omron, model: cx-server, scope: eq, version: 5.0.23

Trust: 0.9

vendor: omron, model: cx-programmer, scope: eq, version: 9.66

Trust: 0.9

vendor: omron, model: cx-one, scope: eq, version: 4.42

Trust: 0.9

vendor: omron, model: cx-programmer, scope: lte, version: version 9.66

Trust: 0.8

vendor: omron, model: cx-server, scope: lte, version: version 5.0.23

Trust: 0.8

vendor: omron, model: cx-one, scope: lte, version: <=4.42

Trust: 0.6

vendor: omron, model: cx-server, scope: eq, version: 5.0.22

Trust: 0.3

vendor: omron, model: cx-programmer, scope: eq, version: 9.65

Trust: 0.3

vendor: omron, model: cx-server, scope: ne, version: 5.0.24

Trust: 0.3

vendor: omron, model: cx-programmer, scope: ne, version: 9.70

Trust: 0.3

vendor: cx one, model: -, scope: eq, version: *

Trust: 0.2

vendor: cx programmer, model: -, scope: eq, version: *

Trust: 0.2

vendor: cx server, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 7d808751-463f-11e9-abf0-000c29342cb1 // ZDI: ZDI-18-1368 // ZDI: ZDI-18-1366 // CNVD: CNVD-2018-25281 // BID: 106106 // JVNDB: JVNDB-2018-010184 // CNNVD: CNNVD-201812-128 // NVD: CVE-2018-18993

CVSS

SEVERITY

CVSSV2

CVSSV3

JPCERT/CC: JVNDB-2018-010184
value: MEDIUM

Trust: 1.6

ZDI: CVE-2018-18993
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2018-18993
value: HIGH

Trust: 1.0

CNVD: CNVD-2018-25281
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-128
value: HIGH

Trust: 0.6

IVD: 7d808751-463f-11e9-abf0-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-129608
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-18993
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-18993
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

JPCERT/CC: JVNDB-2018-010184
severity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

JPCERT/CC: JVNDB-2018-010184
severity: MEDIUM
baseScore: 5.2
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2018-25281
severity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d808751-463f-11e9-abf0-000c29342cb1
severity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-129608
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2018-18993
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2018-18993
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

JPCERT/CC: JVNDB-2018-010184
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

JPCERT/CC: JVNDB-2018-010184
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7d808751-463f-11e9-abf0-000c29342cb1 // ZDI: ZDI-18-1368 // ZDI: ZDI-18-1366 // CNVD: CNVD-2018-25281 // VULHUB: VHN-129608 // VULMON: CVE-2018-18993 // JVNDB: JVNDB-2018-010184 // JVNDB: JVNDB-2018-010184 // CNNVD: CNNVD-201812-128 // NVD: CVE-2018-18993

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-129608 // NVD: CVE-2018-18993

THREAT TYPE

local

Trust: 0.9

sources: BID: 106106 // CNNVD: CNNVD-201812-128

TYPE

Buffer error

Trust: 0.8

sources: IVD: 7d808751-463f-11e9-abf0-000c29342cb1 // CNNVD: CNNVD-201812-128

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010184

PATCH

title: Omron has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01

Trust: 1.4

title: CX-One Version Upgrade Program Download
url: https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html

Trust: 0.8

title: CX-Programmer Update Details | Ver.9.70 : CX-One Auto Update (for V4, December 2018)
url: https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_programmer

Trust: 0.8

title: Common Module Update Details | - : CX-One Auto Update (for V4, December 2018)
url: https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#common_module

Trust: 0.8

title: Omron CX-One Buffer Overflow Vulnerability Patch
url: https://www.cnvd.org.cn/patchInfo/show/146977

Trust: 0.6

title: Omron CX-One Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87424

Trust: 0.6

sources: ZDI: ZDI-18-1368 // ZDI: ZDI-18-1366 // CNVD: CNVD-2018-25281 // JVNDB: JVNDB-2018-010184 // CNNVD: CNNVD-201812-128

EXTERNAL IDS

db: NVD, id: CVE-2018-18993

Trust: 5.1

db: ICS CERT, id: ICSA-18-338-01

Trust: 3.5

db: BID, id: 106106

Trust: 2.7

db: CNNVD, id: CNNVD-201812-128

Trust: 0.9

db: CNVD, id: CNVD-2018-25281

Trust: 0.8

db: JVN, id: JVNVU90473043

Trust: 0.8

db: JVNDB, id: JVNDB-2018-010184

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-6610

Trust: 0.7

db: ZDI, id: ZDI-18-1368

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-6603

Trust: 0.7

db: ZDI, id: ZDI-18-1366

Trust: 0.7

db: IVD, id: 7D808751-463F-11E9-ABF0-000C29342CB1

Trust: 0.2

db: VULHUB, id: VHN-129608

Trust: 0.1

db: VULMON, id: CVE-2018-18993

Trust: 0.1

sources: IVD: 7d808751-463f-11e9-abf0-000c29342cb1 // ZDI: ZDI-18-1368 // ZDI: ZDI-18-1366 // CNVD: CNVD-2018-25281 // VULHUB: VHN-129608 // VULMON: CVE-2018-18993 // BID: 106106 // JVNDB: JVNDB-2018-010184 // CNNVD: CNNVD-201812-128 // NVD: CVE-2018-18993

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-338-01

Trust: 5.0

url:http://www.securityfocus.com/bid/106106

Trust: 1.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18993

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18989

Trust: 0.8

url:https://jvn.jp/vu/jvnvu90473043/

Trust: 0.8

url:https://industrial.omron.eu/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-18-1368 // ZDI: ZDI-18-1366 // CNVD: CNVD-2018-25281 // VULHUB: VHN-129608 // VULMON: CVE-2018-18993 // BID: 106106 // JVNDB: JVNDB-2018-010184 // CNNVD: CNNVD-201812-128 // NVD: CVE-2018-18993

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 1.4

sources: ZDI: ZDI-18-1368 // ZDI: ZDI-18-1366

SOURCES

db: IVD, id: 7d808751-463f-11e9-abf0-000c29342cb1
db: ZDI, id: ZDI-18-1368
db: ZDI, id: ZDI-18-1366
db: CNVD, id: CNVD-2018-25281
db: VULHUB, id: VHN-129608
db: VULMON, id: CVE-2018-18993
db: BID, id: 106106
db: JVNDB, id: JVNDB-2018-010184
db: CNNVD, id: CNNVD-201812-128
db: NVD, id: CVE-2018-18993

LAST UPDATE DATE

2024-11-23T22:45:08.278000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-18-1368, date: 2018-12-10T00:00:00
db: ZDI, id: ZDI-18-1366, date: 2018-12-10T00:00:00
db: CNVD, id: CNVD-2018-25281, date: 2018-12-14T00:00:00
db: VULHUB, id: VHN-129608, date: 2020-09-18T00:00:00
db: VULMON, id: CVE-2018-18993, date: 2020-09-18T00:00:00
db: BID, id: 106106, date: 2018-12-04T00:00:00
db: JVNDB, id: JVNDB-2018-010184, date: 2018-12-06T00:00:00
db: CNNVD, id: CNNVD-201812-128, date: 2020-09-21T00:00:00
db: NVD, id: CVE-2018-18993, date: 2024-11-21T03:57:00.207

SOURCES RELEASE DATE

db: IVD, id: 7d808751-463f-11e9-abf0-000c29342cb1, date: 2018-12-14T00:00:00
db: ZDI, id: ZDI-18-1368, date: 2018-12-10T00:00:00
db: ZDI, id: ZDI-18-1366, date: 2018-12-10T00:00:00
db: CNVD, id: CNVD-2018-25281, date: 2018-12-13T00:00:00
db: VULHUB, id: VHN-129608, date: 2018-12-04T00:00:00
db: VULMON, id: CVE-2018-18993, date: 2018-12-04T00:00:00
db: BID, id: 106106, date: 2018-12-04T00:00:00
db: JVNDB, id: JVNDB-2018-010184, date: 2018-12-06T00:00:00
db: CNNVD, id: CNNVD-201812-128, date: 2018-12-05T00:00:00
db: NVD, id: CVE-2018-18993, date: 2018-12-04T22:29:00.340