Sign-up

ID

VAR-201901-0851


CVE

CVE-2018-19013


TITLE

Omron CX-Supervisor Command injection vulnerability

Trust: 1.4

sources: IVD: 1c7e5b44-5c6b-4ac1-9519-e37db013737a // CNVD: CNVD-2019-14548 // CNNVD: CNNVD-201901-737

DESCRIPTION

An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * Code injection (CWE-94) - CVE-2018-19011 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Use After Free ( Use of freed memory ) (CWE-416) - CVE-2018-19017 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Access of Resource Using Incompatible Type ( Mixing of molds ) (CWE-843) - CVE-2018-19019 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Access of Uninitialized Pointer ( Uninitialized pointer access ) (CWE-824) - CVE-2018-19018 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Out-of-bounds Read ( Read out of bounds ) (CWE-125) - CVE-2018-19020 By processing a specially crafted project file, the application reads values outside the array.Service disruption by a third party (DoS) An attacker could be attacked or execute arbitrary code with application privileges. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of a user-supplied string, which could allow the deletion of any file on the system. An attacker could use this to delete data or create a denial-of-service condition. The Omron CX-Supervisor is a powerful and advanced machine visualization package that provides a very flexible PC-based HMI environment. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A code-injection vulnerability 2. Multiple command-injection vulnerability 3. Omron CX-Supervisor 3.42 and prior versions are vulnerable. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan. A command injection vulnerability exists in Omron CX-Supervisor 3.42 and earlier versions

Trust: 3.96

sources: NVD: CVE-2018-19013 // JVNDB: JVNDB-2019-001051 // ZDI: ZDI-19-105 // ZDI: ZDI-19-102 // CNVD: CNVD-2019-14548 // BID: 106654 // IVD: 1c7e5b44-5c6b-4ac1-9519-e37db013737a // VULHUB: VHN-129630

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 1c7e5b44-5c6b-4ac1-9519-e37db013737a // CNVD: CNVD-2019-14548

AFFECTED PRODUCTS

vendor:omronmodel:cx-supervisorscope: - version: -

Trust: 1.4

vendor:omronmodel:cx-supervisorscope:lteversion:3.42

Trust: 1.0

vendor:omronmodel:cx-supervisorscope:lteversion:version 3.42

Trust: 0.8

vendor:omronmodel:cx-supervisorscope:lteversion:<=3.42

Trust: 0.6

vendor:omronmodel:cx-supervisorscope:eqversion:3.4.2

Trust: 0.3

vendor:omronmodel:cx-supervisorscope:eqversion:3.4.1

Trust: 0.3

vendor:omronmodel:cx-supervisorscope:eqversion:3.42

Trust: 0.3

vendor:omronmodel:cx-supervisorscope:eqversion:3.4.1.0

Trust: 0.3

vendor:omronmodel:cx-supervisorscope:eqversion:3.30

Trust: 0.3

vendor:omronmodel:cx-supervisorscope:neversion:3.5.0.11

Trust: 0.3

vendor:cx supervisormodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 1c7e5b44-5c6b-4ac1-9519-e37db013737a // ZDI: ZDI-19-105 // ZDI: ZDI-19-102 // CNVD: CNVD-2019-14548 // BID: 106654 // JVNDB: JVNDB-2019-001051 // NVD: CVE-2018-19013

CVSS

SEVERITY

CVSSV2

CVSSV3

JPCERT/CC: JVNDB-2019-001051
value: HIGH

Trust: 3.2

JPCERT/CC: JVNDB-2019-001051
value: MEDIUM

Trust: 1.6

ZDI: CVE-2018-19013
value: MEDIUM

Trust: 1.4

nvd@nist.gov: CVE-2018-19013
value: MEDIUM

Trust: 1.0

JPCERT/CC: JVNDB-2019-001051
value: LOW

Trust: 0.8

CNVD: CNVD-2019-14548
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-737
value: MEDIUM

Trust: 0.6

IVD: 1c7e5b44-5c6b-4ac1-9519-e37db013737a
value: MEDIUM

Trust: 0.2

VULHUB: VHN-129630
value: MEDIUM

Trust: 0.1

JPCERT/CC: JVNDB-2019-001051
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 3.2

nvd@nist.gov: CVE-2018-19013
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-001051
severity: MEDIUM
baseScore: 4.5
vectorString: AV:L/AC:H/AU:S/C:N/I:P/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-14548
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1c7e5b44-5c6b-4ac1-9519-e37db013737a
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-129630
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

JPCERT/CC: JVNDB-2019-001051
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 3.2

ZDI: CVE-2018-19013
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2018-19013
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.3
impactScore: 3.6
version: 3.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-001051
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
baseSeverity: LOW
baseScore: 2.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 1c7e5b44-5c6b-4ac1-9519-e37db013737a // ZDI: ZDI-19-105 // ZDI: ZDI-19-102 // CNVD: CNVD-2019-14548 // VULHUB: VHN-129630 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // CNNVD: CNNVD-201901-737 // NVD: CVE-2018-19013

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

sources: VULHUB: VHN-129630 // NVD: CVE-2018-19013

THREAT TYPE

local

Trust: 0.9

sources: BID: 106654 // CNNVD: CNNVD-201901-737

TYPE

Command injection

Trust: 0.8

sources: IVD: 1c7e5b44-5c6b-4ac1-9519-e37db013737a // CNNVD: CNNVD-201901-737

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001051

PATCH
title:Omron has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01
Trust: 1.4
title:Release Notes For CX-Supervisor 3.5url:https://www.myomron.com/index.php?action=kb&article=1711
Trust: 0.8
title:Omron CX-Supervisor command to inject vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/161433
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-105 // 
            
            
            
            ZDI: ZDI-19-102 // 
            
            
            
            CNVD: CNVD-2019-14548 // 
            
            
            
            JVNDB: JVNDB-2019-001051

EXTERNAL IDS
db:NVDid:CVE-2018-19013
Trust: 5.0
db:ICS CERTid:ICSA-19-017-01
Trust: 3.4
db:BIDid:106654
Trust: 2.0
db:CNNVDid:CNNVD-201901-737
Trust: 0.9
db:CNVDid:CNVD-2019-14548
Trust: 0.8
db:JVNid:JVNVU90014171
Trust: 0.8
db:JVNDBid:JVNDB-2019-001051
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6646
Trust: 0.7
db:ZDIid:ZDI-19-105
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6662
Trust: 0.7
db:ZDIid:ZDI-19-102
Trust: 0.7
db:IVDid:1C7E5B44-5C6B-4AC1-9519-E37DB013737A
Trust: 0.2
db:VULHUBid:VHN-129630
Trust: 0.1
sources:
            
            
            IVD: 1c7e5b44-5c6b-4ac1-9519-e37db013737a // 
            
            
            
            ZDI: ZDI-19-105 // 
            
            
            
            ZDI: ZDI-19-102 // 
            
            
            
            CNVD: CNVD-2019-14548 // 
            
            
            
            VULHUB: VHN-129630 // 
            
            
            
            BID: 106654 // 
            
            
            
            JVNDB: JVNDB-2019-001051 // 
            
            
            
            CNNVD: CNNVD-201901-737 // 
            
            
            
            NVD: CVE-2018-19013

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-017-01
Trust: 4.8
url:http://www.securityfocus.com/bid/106654
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19019
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19018
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19020
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19011
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19013
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19015
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19017
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90014171/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19019
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19018
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19020
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19011
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19013
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19015
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19017
Trust: 0.8
url:https://industrial.omron.eu/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-19-105 // 
            
            
            
            ZDI: ZDI-19-102 // 
            
            
            
            CNVD: CNVD-2019-14548 // 
            
            
            
            VULHUB: VHN-129630 // 
            
            
            
            BID: 106654 // 
            
            
            
            JVNDB: JVNDB-2019-001051 // 
            
            
            
            CNNVD: CNNVD-201901-737 // 
            
            
            
            NVD: CVE-2018-19013

CREDITS
Esteban Ruiz (mr_me) of Source Incite
Trust: 1.4
sources:
            
            
            ZDI: ZDI-19-105 // 
            
            
            
            ZDI: ZDI-19-102

SOURCES
db:IVDid:1c7e5b44-5c6b-4ac1-9519-e37db013737a
db:ZDIid:ZDI-19-105
db:ZDIid:ZDI-19-102
db:CNVDid:CNVD-2019-14548
db:VULHUBid:VHN-129630
db:BIDid:106654
db:JVNDBid:JVNDB-2019-001051
db:CNNVDid:CNNVD-201901-737
db:NVDid:CVE-2018-19013

LAST UPDATE DATE
2024-11-23T22:21:50.814000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-105date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-102date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-14548date:2019-05-16T00:00:00
db:VULHUBid:VHN-129630date:2019-10-09T00:00:00
db:BIDid:106654date:2019-01-17T00:00:00
db:JVNDBid:JVNDB-2019-001051date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-737date:2019-10-17T00:00:00
db:NVDid:CVE-2018-19013date:2024-11-21T03:57:09.967

SOURCES RELEASE DATE
db:IVDid:1c7e5b44-5c6b-4ac1-9519-e37db013737adate:2019-05-16T00:00:00
db:ZDIid:ZDI-19-105date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-102date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-14548date:2019-05-16T00:00:00
db:VULHUBid:VHN-129630date:2019-01-22T00:00:00
db:BIDid:106654date:2019-01-17T00:00:00
db:JVNDBid:JVNDB-2019-001051date:2019-01-21T00:00:00
db:CNNVDid:CNNVD-201901-737date:2019-01-18T00:00:00
db:NVDid:CVE-2018-19013date:2019-01-22T20:29:00.660