Details of VAR-201901-0854

ID

VAR-201901-0854

CVE

CVE-2018-19017

TITLE

OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability

Trust: 5.6

sources: ZDI: ZDI-19-176 // ZDI: ZDI-19-118 // ZDI: ZDI-19-115 // ZDI: ZDI-19-113 // ZDI: ZDI-19-114 // ZDI: ZDI-19-117 // ZDI: ZDI-19-112 // ZDI: ZDI-19-116

DESCRIPTION

Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. The Omron CX-Supervisor is a powerful and advanced machine visualization package that provides a very flexible PC-based HMI environment. Program permission execution code. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A code-injection vulnerability 2. Multiple command-injection vulnerability 3. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

Trust: 7.74

sources: NVD: CVE-2018-19017 // JVNDB: JVNDB-2019-001051 // ZDI: ZDI-19-176 // ZDI: ZDI-19-118 // ZDI: ZDI-19-115 // ZDI: ZDI-19-113 // ZDI: ZDI-19-114 // ZDI: ZDI-19-117 // ZDI: ZDI-19-112 // ZDI: ZDI-19-116 // CNVD: CNVD-2019-14545 // BID: 106654 // IVD: a948638f-7894-4b71-88b6-ea6e2f59f286 // VULHUB: VHN-129634

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a948638f-7894-4b71-88b6-ea6e2f59f286 // CNVD: CNVD-2019-14545

AFFECTED PRODUCTS

vendor:	omron	model:	cx-supervisor	scope:	-	version:	-	Trust: 5.6
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	3.42	Trust: 1.0
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	version 3.42	Trust: 0.8
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	<=3.42	Trust: 0.6
vendor:	omron	model:	cx-supervisor	scope:	eq	version:	3.4.2	Trust: 0.3
vendor:	omron	model:	cx-supervisor	scope:	eq	version:	3.4.1	Trust: 0.3
vendor:	omron	model:	cx-supervisor	scope:	eq	version:	3.42	Trust: 0.3
vendor:	omron	model:	cx-supervisor	scope:	eq	version:	3.4.1.0	Trust: 0.3
vendor:	omron	model:	cx-supervisor	scope:	eq	version:	3.30	Trust: 0.3
vendor:	omron	model:	cx-supervisor	scope:	ne	version:	3.5.0.11	Trust: 0.3
vendor:	cx supervisor	model:	-	scope:	eq	version:	*	Trust: 0.2

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-19017
value:	HIGH
Trust: 4.2
JPCERT/CC:	JVNDB-2019-001051
value:	HIGH
Trust: 3.2
JPCERT/CC:	JVNDB-2019-001051
value:	MEDIUM
Trust: 1.6
ZDI:	CVE-2018-19017
value:	CRITICAL
Trust: 1.4
nvd@nist.gov:	CVE-2018-19017
value:	HIGH
Trust: 1.0
JPCERT/CC:	JVNDB-2019-001051
value:	LOW
Trust: 0.8
CNVD:	CNVD-2019-14545
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201901-739
value:	HIGH
Trust: 0.6
IVD:	a948638f-7894-4b71-88b6-ea6e2f59f286
value:	HIGH
Trust: 0.2
VULHUB:	VHN-129634
value:	MEDIUM
Trust: 0.1

JPCERT/CC:	JVNDB-2019-001051
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 3.2
nvd@nist.gov:	CVE-2018-19017
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
JPCERT/CC:	JVNDB-2019-001051
severity:	MEDIUM
baseScore:	4.5
vectorString:	AV:L/AC:H/AU:S/C:N/I:P/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
JPCERT/CC:	JVNDB-2019-001051
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
JPCERT/CC:	JVNDB-2019-001051
severity:	LOW
baseScore:	1.7
vectorString:	AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2019-14545
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a948638f-7894-4b71-88b6-ea6e2f59f286
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-129634
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2018-19017
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 4.2
JPCERT/CC:	JVNDB-2019-001051
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 3.2
ZDI:	CVE-2018-19017
baseSeverity:	CRITICAL
baseScore:	7.0
vectorString:	AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.0
Trust: 1.4
nvd@nist.gov:	CVE-2018-19017
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
JPCERT/CC:	JVNDB-2019-001051
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
JPCERT/CC:	JVNDB-2019-001051
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
JPCERT/CC:	JVNDB-2019-001051
baseSeverity:	LOW
baseScore:	2.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: a948638f-7894-4b71-88b6-ea6e2f59f286 // ZDI: ZDI-19-176 // ZDI: ZDI-19-118 // ZDI: ZDI-19-115 // ZDI: ZDI-19-113 // ZDI: ZDI-19-114 // ZDI: ZDI-19-117 // ZDI: ZDI-19-112 // ZDI: ZDI-19-116 // CNVD: CNVD-2019-14545 // VULHUB: VHN-129634 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // CNNVD: CNNVD-201901-739 // NVD: CVE-2018-19017

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.1

sources: VULHUB: VHN-129634 // NVD: CVE-2018-19017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-739

TYPE

Resource management error

Trust: 0.8

sources: IVD: a948638f-7894-4b71-88b6-ea6e2f59f286 // CNNVD: CNNVD-201901-739

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001051

PATCH

title:	Omron has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01	Trust: 5.6
title:	Release Notes For CX-Supervisor 3.5	url:	https://www.myomron.com/index.php?action=kb&article=1711	Trust: 0.8
title:	Omron CX-Supervisor releases patches for reusing vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/161439	Trust: 0.6
title:	Omron CX-Supervisor Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89506	Trust: 0.6

sources: ZDI: ZDI-19-176 // ZDI: ZDI-19-118 // ZDI: ZDI-19-115 // ZDI: ZDI-19-113 // ZDI: ZDI-19-114 // ZDI: ZDI-19-117 // ZDI: ZDI-19-112 // ZDI: ZDI-19-116 // CNVD: CNVD-2019-14545 // JVNDB: JVNDB-2019-001051 // CNNVD: CNNVD-201901-739

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19017	Trust: 9.2
db:	ICS CERT	id:	ICSA-19-017-01	Trust: 3.4
db:	BID	id:	106654	Trust: 2.0
db:	CNNVD	id:	CNNVD-201901-739	Trust: 0.9
db:	CNVD	id:	CNVD-2019-14545	Trust: 0.8
db:	JVN	id:	JVNVU90014171	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-001051	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6698	Trust: 0.7
db:	ZDI	id:	ZDI-19-176	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6719	Trust: 0.7
db:	ZDI	id:	ZDI-19-118	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6689	Trust: 0.7
db:	ZDI	id:	ZDI-19-115	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6696	Trust: 0.7
db:	ZDI	id:	ZDI-19-113	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6688	Trust: 0.7
db:	ZDI	id:	ZDI-19-114	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6694	Trust: 0.7
db:	ZDI	id:	ZDI-19-117	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6693	Trust: 0.7
db:	ZDI	id:	ZDI-19-112	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6695	Trust: 0.7
db:	ZDI	id:	ZDI-19-116	Trust: 0.7
db:	IVD	id:	A948638F-7894-4B71-88B6-EA6E2F59F286	Trust: 0.2
db:	VULHUB	id:	VHN-129634	Trust: 0.1

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-017-01	Trust: 9.0
url:	http://www.securityfocus.com/bid/106654	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19019	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19018	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19020	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19011	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19013	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19015	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19017	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90014171/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19019	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19018	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19020	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19011	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19013	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19015	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19017	Trust: 0.8
url:	https://industrial.omron.eu/	Trust: 0.3

sources: ZDI: ZDI-19-176 // ZDI: ZDI-19-118 // ZDI: ZDI-19-115 // ZDI: ZDI-19-113 // ZDI: ZDI-19-114 // ZDI: ZDI-19-117 // ZDI: ZDI-19-112 // ZDI: ZDI-19-116 // CNVD: CNVD-2019-14545 // VULHUB: VHN-129634 // BID: 106654 // JVNDB: JVNDB-2019-001051 // CNNVD: CNNVD-201901-739 // NVD: CVE-2018-19017

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 5.6

sources: ZDI: ZDI-19-176 // ZDI: ZDI-19-118 // ZDI: ZDI-19-115 // ZDI: ZDI-19-113 // ZDI: ZDI-19-114 // ZDI: ZDI-19-117 // ZDI: ZDI-19-112 // ZDI: ZDI-19-116

SOURCES

db:	IVD	id:	a948638f-7894-4b71-88b6-ea6e2f59f286
db:	ZDI	id:	ZDI-19-176
db:	ZDI	id:	ZDI-19-118
db:	ZDI	id:	ZDI-19-115
db:	ZDI	id:	ZDI-19-113
db:	ZDI	id:	ZDI-19-114
db:	ZDI	id:	ZDI-19-117
db:	ZDI	id:	ZDI-19-112
db:	ZDI	id:	ZDI-19-116
db:	CNVD	id:	CNVD-2019-14545
db:	VULHUB	id:	VHN-129634
db:	BID	id:	106654
db:	JVNDB	id:	JVNDB-2019-001051
db:	CNNVD	id:	CNNVD-201901-739
db:	NVD	id:	CVE-2018-19017

LAST UPDATE DATE

2024-11-23T22:21:50.738000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-176	date:	2019-02-08T00:00:00
db:	ZDI	id:	ZDI-19-118	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-115	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-113	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-114	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-117	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-112	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-116	date:	2019-01-19T00:00:00
db:	CNVD	id:	CNVD-2019-14545	date:	2019-05-16T00:00:00
db:	VULHUB	id:	VHN-129634	date:	2019-10-09T00:00:00
db:	BID	id:	106654	date:	2019-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-001051	date:	2019-08-27T00:00:00
db:	CNNVD	id:	CNNVD-201901-739	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-19017	date:	2024-11-21T03:57:10.480

SOURCES RELEASE DATE

db:	IVD	id:	a948638f-7894-4b71-88b6-ea6e2f59f286	date:	2019-05-16T00:00:00
db:	ZDI	id:	ZDI-19-176	date:	2019-02-08T00:00:00
db:	ZDI	id:	ZDI-19-118	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-115	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-113	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-114	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-117	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-112	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-116	date:	2019-01-19T00:00:00
db:	CNVD	id:	CNVD-2019-14545	date:	2019-05-16T00:00:00
db:	VULHUB	id:	VHN-129634	date:	2019-01-22T00:00:00
db:	BID	id:	106654	date:	2019-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-001051	date:	2019-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201901-739	date:	2019-01-18T00:00:00
db:	NVD	id:	CVE-2018-19017	date:	2019-01-22T20:29:00.893