ID

VAR-201901-0858


CVE

CVE-2018-19027


TITLE

OMRON CX-One CX-Protocol CObject Type Confusion Remote Code Execution Vulnerability

Trust: 2.8

sources: ZDI: ZDI-19-120 // ZDI: ZDI-19-019 // ZDI: ZDI-19-017 // ZDI: ZDI-19-018

DESCRIPTION

Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit these vulnerabilities and execute code under the privileges of the application. CX-One, provided by OMRON Corporation, contains a vulnerability that allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSW files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. Omron CX-One is an integrated toolkit from Omron of Japan that includes networking, PT, frequency converters, temperature controllers, and PLC programming software. CX-Protocol is one of its components, used to create serial communication protocols to communicate with standard serial devices. Omron CX-Protocol is prone to multiple arbitrary code-execution vulnerabilities. Failed exploits will result in denial-of-service conditions.

Trust: 5.22

sources: NVD: CVE-2018-19027 // JVNDB: JVNDB-2019-001004 // ZDI: ZDI-19-120 // ZDI: ZDI-19-019 // ZDI: ZDI-19-017 // ZDI: ZDI-19-018 // CNVD: CNVD-2019-01682 // BID: 106524 // IVD: 7d84a600-463f-11e9-9ea8-000c29342cb1 // VULHUB: VHN-129645

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: 7d84a600-463f-11e9-9ea8-000c29342cb1 // CNVD: CNVD-2019-01682

AFFECTED PRODUCTS

vendor: omron | model: cx-one | scope: - | version: -

Trust: 2.8

vendor: omron | model: cx-protocol | scope: lte | version: 2.0

Trust: 1.0

vendor: omron | model: cx-one | scope: lte | version: 4.50

Trust: 1.0

vendor: omron | model: cx-one | scope: lte | version: version 4.50

Trust: 0.8

vendor: omron | model: cx-protocol | scope: lte | version: version 2.0

Trust: 0.8

vendor: omron | model: cx-one | scope: lte | version: <=4.50

Trust: 0.6

vendor: omron | model: cx-protocol | scope: lte | version: <=2.0

Trust: 0.6

vendor: omron | model: cx-protocol | scope: eq | version: 2.0

Trust: 0.3

vendor: omron | model: cx-protocol | scope: eq | version: 1.993

Trust: 0.3

vendor: omron | model: cx-protocol | scope: eq | version: 1.992

Trust: 0.3

vendor: omron | model: cx-one | scope: eq | version: 4.50

Trust: 0.3

vendor: omron | model: cx-one | scope: eq | version: 4.42

Trust: 0.3

vendor: omron | model: cx-protocol | scope: ne | version: 2.0.1

Trust: 0.3

vendor: cx one | model: - | scope: eq | version: *

Trust: 0.2

vendor: cx protocol | model: - | scope: eq | version: *

Trust: 0.2

sources: IVD: 7d84a600-463f-11e9-9ea8-000c29342cb1 // ZDI: ZDI-19-120 // ZDI: ZDI-19-019 // ZDI: ZDI-19-017 // ZDI: ZDI-19-018 // CNVD: CNVD-2019-01682 // BID: 106524 // JVNDB: JVNDB-2019-001004 // NVD: CVE-2018-19027

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-19027
value: HIGH

Trust: 2.8

nvd@nist.gov: CVE-2018-19027
value: HIGH

Trust: 1.0

JPCERT/CC: JVNDB-2019-001004
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-01682
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-432
value: HIGH

Trust: 0.6

IVD: 7d84a600-463f-11e9-9ea8-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-129645
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-19027
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-001004
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-01682
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d84a600-463f-11e9-9ea8-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-129645
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2018-19027
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 2.8

nvd@nist.gov: CVE-2018-19027
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-001004
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7d84a600-463f-11e9-9ea8-000c29342cb1 // ZDI: ZDI-19-120 // ZDI: ZDI-19-019 // ZDI: ZDI-19-017 // ZDI: ZDI-19-018 // CNVD: CNVD-2019-01682 // VULHUB: VHN-129645 // JVNDB: JVNDB-2019-001004 // CNNVD: CNNVD-201901-432 // NVD: CVE-2018-19027

PROBLEMTYPE DATA

problemtype:CWE-843

Trust: 1.8

problemtype:CWE-704

Trust: 1.1

sources: VULHUB: VHN-129645 // JVNDB: JVNDB-2019-001004 // NVD: CVE-2018-19027

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-432

TYPE

Code problem

Trust: 0.8

sources: IVD: 7d84a600-463f-11e9-9ea8-000c29342cb1 // CNNVD: CNNVD-201901-432

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001004

PATCH

title: Omron has issued an update to correct this vulnerability. | url: https://ics-cert.us-cert.gov/advisories/ICSA-19-010-02

Trust: 2.8

title: CX-One Version Upgrade Program Download | url: https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html

Trust: 0.8

title: CX-Protocol update details: Ver.2.01: CX-One Auto Update (for V4, January 2019) | url: https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_protocol

Trust: 0.8

title: Omron CX-One CX-Protocol patch for arbitrary code execution vulnerabilities | url: https://www.cnvd.org.cn/patchInfo/show/150175

Trust: 0.6

title: Omron CX-One CX-Protocol Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88590

Trust: 0.6

sources: ZDI: ZDI-19-120 // ZDI: ZDI-19-019 // ZDI: ZDI-19-017 // ZDI: ZDI-19-018 // CNVD: CNVD-2019-01682 // JVNDB: JVNDB-2019-001004 // CNNVD: CNNVD-201901-432

EXTERNAL IDS

db: NVD | id: CVE-2018-19027

Trust: 6.4

db: ICS CERT | id: ICSA-19-010-02

Trust: 2.8

db: BID | id: 106524

Trust: 2.6

db: CNNVD | id: CNNVD-201901-432

Trust: 0.9

db: CNVD | id: CNVD-2019-01682

Trust: 0.8

db: JVN | id: JVNVU97716739

Trust: 0.8

db: JVNDB | id: JVNDB-2019-001004

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-6587

Trust: 0.7

db: ZDI | id: ZDI-19-120

Trust: 0.7

db: ZDI_CAN | id: ZDI-CAN-6585

Trust: 0.7

db: ZDI | id: ZDI-19-019

Trust: 0.7

db: ZDI_CAN | id: ZDI-CAN-6565

Trust: 0.7

db: ZDI | id: ZDI-19-017

Trust: 0.7

db: ZDI_CAN | id: ZDI-CAN-6566

Trust: 0.7

db: ZDI | id: ZDI-19-018

Trust: 0.7

db: IVD | id: 7D84A600-463F-11E9-9EA8-000C29342CB1

Trust: 0.2

db: SEEBUG | id: SSVID-98818

Trust: 0.1

db: VULHUB | id: VHN-129645

Trust: 0.1

sources: IVD: 7d84a600-463f-11e9-9ea8-000c29342cb1 // ZDI: ZDI-19-120 // ZDI: ZDI-19-019 // ZDI: ZDI-19-017 // ZDI: ZDI-19-018 // CNVD: CNVD-2019-01682 // VULHUB: VHN-129645 // BID: 106524 // JVNDB: JVNDB-2019-001004 // CNNVD: CNNVD-201901-432 // NVD: CVE-2018-19027

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-010-02

Trust: 5.6

url:http://www.securityfocus.com/bid/106524

Trust: 2.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19027

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97716739/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-19027

Trust: 0.8

url:https://industrial.omron.us/en/home

Trust: 0.3

sources: ZDI: ZDI-19-120 // ZDI: ZDI-19-019 // ZDI: ZDI-19-017 // ZDI: ZDI-19-018 // CNVD: CNVD-2019-01682 // VULHUB: VHN-129645 // BID: 106524 // JVNDB: JVNDB-2019-001004 // CNNVD: CNNVD-201901-432 // NVD: CVE-2018-19027

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 3.7

sources: ZDI: ZDI-19-120 // ZDI: ZDI-19-019 // ZDI: ZDI-19-017 // ZDI: ZDI-19-018 // BID: 106524 // CNNVD: CNNVD-201901-432

SOURCES

db: IVD | id: 7d84a600-463f-11e9-9ea8-000c29342cb1
db: ZDI | id: ZDI-19-120
db: ZDI | id: ZDI-19-019
db: ZDI | id: ZDI-19-017
db: ZDI | id: ZDI-19-018
db: CNVD | id: CNVD-2019-01682
db: VULHUB | id: VHN-129645
db: BID | id: 106524
db: JVNDB | id: JVNDB-2019-001004
db: CNNVD | id: CNNVD-201901-432
db: NVD | id: CVE-2018-19027

LAST UPDATE DATE

2024-11-23T22:48:30.648000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-19-120 | date: 2019-01-24T00:00:00
db: ZDI | id: ZDI-19-019 | date: 2019-01-14T00:00:00
db: ZDI | id: ZDI-19-017 | date: 2019-01-14T00:00:00
db: ZDI | id: ZDI-19-018 | date: 2019-01-14T00:00:00
db: CNVD | id: CNVD-2019-01682 | date: 2019-01-16T00:00:00
db: VULHUB | id: VHN-129645 | date: 2019-10-09T00:00:00
db: BID | id: 106524 | date: 2019-01-10T00:00:00
db: JVNDB | id: JVNDB-2019-001004 | date: 2019-08-27T00:00:00
db: CNNVD | id: CNNVD-201901-432 | date: 2019-10-17T00:00:00
db: NVD | id: CVE-2018-19027 | date: 2024-11-21T03:57:11.363

SOURCES RELEASE DATE

db: IVD | id: 7d84a600-463f-11e9-9ea8-000c29342cb1 | date: 2019-01-16T00:00:00
db: ZDI | id: ZDI-19-120 | date: 2019-01-24T00:00:00
db: ZDI | id: ZDI-19-019 | date: 2019-01-14T00:00:00
db: ZDI | id: ZDI-19-017 | date: 2019-01-14T00:00:00
db: ZDI | id: ZDI-19-018 | date: 2019-01-14T00:00:00
db: CNVD | id: CNVD-2019-01682 | date: 2019-01-16T00:00:00
db: VULHUB | id: VHN-129645 | date: 2019-01-30T00:00:00
db: BID | id: 106524 | date: 2019-01-10T00:00:00
db: JVNDB | id: JVNDB-2019-001004 | date: 2019-01-15T00:00:00
db: CNNVD | id: CNNVD-201901-432 | date: 2019-01-14T00:00:00
db: NVD | id: CVE-2018-19027 | date: 2019-01-30T16:29:00.690