Sign-up

ID

VAR-201901-0849


CVE

CVE-2018-19011


TITLE

Omron CX-Supervisor Code injection vulnerability

Trust: 1.4

sources: IVD: 451797bd-6e00-4053-8f07-fb66ecf9af70 // CNVD: CNVD-2019-14549 // CNNVD: CNNVD-201901-736

DESCRIPTION

CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * Code injection (CWE-94) - CVE-2018-19011 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Command injection (CWE-77) - CVE-2018-19013 By processing a specially crafted project file, files on the device and their contents are deleted. * Command injection (CWE-77) - CVE-2018-19015 By processing a specially crafted project file, the program is executed with the authority of the application, and a file on the device is created, written and read. * Use After Free ( Use of freed memory ) (CWE-416) - CVE-2018-19017 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Access of Resource Using Incompatible Type ( Mixing of molds ) (CWE-843) - CVE-2018-19019 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Access of Uninitialized Pointer ( Uninitialized pointer access ) (CWE-824) - CVE-2018-19018 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Out-of-bounds Read ( Read out of bounds ) (CWE-125) - CVE-2018-19020 By processing a specially crafted project file, the application reads values outside the array.Service disruption by a third party (DoS) An attacker could be attacked or execute arbitrary code with application privileges. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of project files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. The Omron CX-Supervisor is a powerful and advanced machine visualization package that provides a very flexible PC-based HMI environment. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A code-injection vulnerability 2. Multiple command-injection vulnerability 3. Omron CX-Supervisor 3.42 and prior versions are vulnerable. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

Trust: 3.33

sources: NVD: CVE-2018-19011 // JVNDB: JVNDB-2019-001051 // ZDI: ZDI-19-100 // CNVD: CNVD-2019-14549 // BID: 106654 // IVD: 451797bd-6e00-4053-8f07-fb66ecf9af70 // VULHUB: VHN-129628

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 451797bd-6e00-4053-8f07-fb66ecf9af70 // CNVD: CNVD-2019-14549

AFFECTED PRODUCTS

vendor:omronmodel:cx-supervisorscope:lteversion:3.42

Trust: 1.0

vendor:omronmodel:cx-supervisorscope:lteversion:version 3.42

Trust: 0.8

vendor:omronmodel:cx-supervisorscope: - version: -

Trust: 0.7

vendor:omronmodel:cx-supervisorscope:lteversion:<=3.42

Trust: 0.6

vendor:omronmodel:cx-supervisorscope:eqversion:3.4.2

Trust: 0.3

vendor:omronmodel:cx-supervisorscope:eqversion:3.4.1

Trust: 0.3

vendor:omronmodel:cx-supervisorscope:eqversion:3.42

Trust: 0.3

vendor:omronmodel:cx-supervisorscope:eqversion:3.4.1.0

Trust: 0.3

vendor:omronmodel:cx-supervisorscope:eqversion:3.30

Trust: 0.3

vendor:omronmodel:cx-supervisorscope:neversion:3.5.0.11

Trust: 0.3

vendor:cx supervisormodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 451797bd-6e00-4053-8f07-fb66ecf9af70 // ZDI: ZDI-19-100 // CNVD: CNVD-2019-14549 // BID: 106654 // JVNDB: JVNDB-2019-001051 // NVD: CVE-2018-19011

CVSS

SEVERITY

CVSSV2

CVSSV3

JPCERT/CC: JVNDB-2019-001051
value: HIGH

Trust: 3.2

JPCERT/CC: JVNDB-2019-001051
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-19011
value: HIGH

Trust: 1.0

JPCERT/CC: JVNDB-2019-001051
value: LOW

Trust: 0.8

ZDI: CVE-2018-19011
value: HIGH

Trust: 0.7

CNVD: CNVD-2019-14549
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-736
value: HIGH

Trust: 0.6

IVD: 451797bd-6e00-4053-8f07-fb66ecf9af70
value: HIGH

Trust: 0.2

VULHUB: VHN-129628
value: MEDIUM

Trust: 0.1

JPCERT/CC: JVNDB-2019-001051
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 3.2

nvd@nist.gov: CVE-2018-19011
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-001051
severity: MEDIUM
baseScore: 4.5
vectorString: AV:L/AC:H/AU:S/C:N/I:P/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-14549
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 451797bd-6e00-4053-8f07-fb66ecf9af70
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-129628
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

JPCERT/CC: JVNDB-2019-001051
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 3.2

nvd@nist.gov: CVE-2018-19011
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-001051
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
baseSeverity: LOW
baseScore: 2.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2018-19011
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: 451797bd-6e00-4053-8f07-fb66ecf9af70 // ZDI: ZDI-19-100 // CNVD: CNVD-2019-14549 // VULHUB: VHN-129628 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // CNNVD: CNNVD-201901-736 // NVD: CVE-2018-19011

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.1

problemtype:CWE-77

Trust: 0.1

sources: VULHUB: VHN-129628 // NVD: CVE-2018-19011

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-736

TYPE

Code injection

Trust: 0.8

sources: IVD: 451797bd-6e00-4053-8f07-fb66ecf9af70 // CNNVD: CNNVD-201901-736

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001051

PATCH
title:Release Notes For CX-Supervisor 3.5url:https://www.myomron.com/index.php?action=kb&article=1711
Trust: 0.8
title:Omron has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01
Trust: 0.7
title:Omron CX-Supervisor code injection vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/161431
Trust: 0.6
title:Omron CX-Supervisor Fixes for code injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89507
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-100 // 
            
            
            
            CNVD: CNVD-2019-14549 // 
            
            
            
            JVNDB: JVNDB-2019-001051 // 
            
            
            
            CNNVD: CNNVD-201901-736

EXTERNAL IDS
db:NVDid:CVE-2018-19011
Trust: 4.3
db:ICS CERTid:ICSA-19-017-01
Trust: 3.4
db:BIDid:106654
Trust: 2.6
db:CNNVDid:CNNVD-201901-736
Trust: 0.9
db:CNVDid:CNVD-2019-14549
Trust: 0.8
db:JVNid:JVNVU90014171
Trust: 0.8
db:JVNDBid:JVNDB-2019-001051
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6645
Trust: 0.7
db:ZDIid:ZDI-19-100
Trust: 0.7
db:IVDid:451797BD-6E00-4053-8F07-FB66ECF9AF70
Trust: 0.2
db:VULHUBid:VHN-129628
Trust: 0.1
sources:
            
            
            IVD: 451797bd-6e00-4053-8f07-fb66ecf9af70 // 
            
            
            
            ZDI: ZDI-19-100 // 
            
            
            
            CNVD: CNVD-2019-14549 // 
            
            
            
            VULHUB: VHN-129628 // 
            
            
            
            BID: 106654 // 
            
            
            
            JVNDB: JVNDB-2019-001051 // 
            
            
            
            CNNVD: CNNVD-201901-736 // 
            
            
            
            NVD: CVE-2018-19011

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-017-01
Trust: 4.1
url:http://www.securityfocus.com/bid/106654
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19019
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19018
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19020
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19011
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19013
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19015
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19017
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90014171/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19019
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19018
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19020
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19011
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19013
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19015
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19017
Trust: 0.8
url:https://industrial.omron.eu/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-19-100 // 
            
            
            
            CNVD: CNVD-2019-14549 // 
            
            
            
            VULHUB: VHN-129628 // 
            
            
            
            BID: 106654 // 
            
            
            
            JVNDB: JVNDB-2019-001051 // 
            
            
            
            CNNVD: CNNVD-201901-736 // 
            
            
            
            NVD: CVE-2018-19011

CREDITS
Esteban Ruiz (mr_me) of Source Incite
Trust: 0.7
sources:
            
            
            ZDI: ZDI-19-100

SOURCES
db:IVDid:451797bd-6e00-4053-8f07-fb66ecf9af70
db:ZDIid:ZDI-19-100
db:CNVDid:CNVD-2019-14549
db:VULHUBid:VHN-129628
db:BIDid:106654
db:JVNDBid:JVNDB-2019-001051
db:CNNVDid:CNNVD-201901-736
db:NVDid:CVE-2018-19011

LAST UPDATE DATE
2024-11-23T22:21:50.609000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-100date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-14549date:2019-05-16T00:00:00
db:VULHUBid:VHN-129628date:2019-10-09T00:00:00
db:BIDid:106654date:2019-01-17T00:00:00
db:JVNDBid:JVNDB-2019-001051date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-736date:2019-10-17T00:00:00
db:NVDid:CVE-2018-19011date:2024-11-21T03:57:09.707

SOURCES RELEASE DATE
db:IVDid:451797bd-6e00-4053-8f07-fb66ecf9af70date:2019-05-16T00:00:00
db:ZDIid:ZDI-19-100date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-14549date:2019-05-16T00:00:00
db:VULHUBid:VHN-129628date:2019-01-22T00:00:00
db:BIDid:106654date:2019-01-17T00:00:00
db:JVNDBid:JVNDB-2019-001051date:2019-01-21T00:00:00
db:CNNVDid:CNNVD-201901-736date:2019-01-18T00:00:00
db:NVDid:CVE-2018-19011date:2019-01-22T20:29:00.410