Sign-up

ID

VAR-201902-0136


CVE

CVE-2019-6555


TITLE

Horner Automation Cscape CSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-19-227 // ZDI: ZDI-19-226

DESCRIPTION

Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code. Cscape Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of CSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. Horner Automation Cscape version 9.80 SP4 and prior are vulnerable

Trust: 3.15

sources: NVD: CVE-2019-6555 // JVNDB: JVNDB-2019-002115 // ZDI: ZDI-19-227 // ZDI: ZDI-19-226 // BID: 107087

AFFECTED PRODUCTS

vendor:horner automationmodel:cscapescope: - version: -

Trust: 1.4

vendor:hornerautomationmodel:cscapescope:ltversion:9.80

Trust: 1.0

vendor:hornerautomationmodel:cscapescope:eqversion:9.80

Trust: 1.0

vendor:horner automationmodel:cscapescope:lteversion:9.80 sp4

Trust: 0.8

vendor:hornermodel:automation cscapescope:eqversion:9.80.75.3

Trust: 0.3

vendor:hornermodel:automation cscape sp4scope:eqversion:9.80

Trust: 0.3

vendor:hornermodel:automation cscape sp2scope:eqversion:9.80

Trust: 0.3

vendor:hornermodel:automation cscape sp1scope:eqversion:9.80

Trust: 0.3

vendor:hornermodel:automation cscapescope:eqversion:9.80

Trust: 0.3

vendor:hornermodel:automation cscapescope:eqversion:9.3

Trust: 0.3

vendor:hornermodel:automation cscapescope:eqversion:9.0

Trust: 0.3

vendor:hornermodel:automation cscapescope:eqversion:8.0

Trust: 0.3

vendor:hornermodel:automation cscapescope:eqversion:4

Trust: 0.3

vendor:hornermodel:automation cscapescope:neversion:9.90

Trust: 0.3

sources: ZDI: ZDI-19-227 // ZDI: ZDI-19-226 // BID: 107087 // JVNDB: JVNDB-2019-002115 // NVD: CVE-2019-6555

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-6555
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2019-6555
value: HIGH

Trust: 1.0

NVD: CVE-2019-6555
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201902-740
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-6555
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2019-6555
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2019-6555
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6555
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-19-227 // ZDI: ZDI-19-226 // JVNDB: JVNDB-2019-002115 // CNNVD: CNNVD-201902-740 // NVD: CVE-2019-6555

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-002115 // NVD: CVE-2019-6555

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-740

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107087 // CNNVD: CNNVD-201902-740

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002115

PATCH
title:Horner Automation has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-050-03
Trust: 1.4
title:Cscapeurl:http://www.horner-apg.com/en/products/software/cscape.aspx
Trust: 0.8
title:Horner Automation Cscape Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89541
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-227 // 
            
            
            
            ZDI: ZDI-19-226 // 
            
            
            
            JVNDB: JVNDB-2019-002115 // 
            
            
            
            CNNVD: CNNVD-201902-740

EXTERNAL IDS
db:NVDid:CVE-2019-6555
Trust: 4.1
db:ICS CERTid:ICSA-19-050-03
Trust: 2.7
db:BIDid:107087
Trust: 1.9
db:ZDIid:ZDI-19-227
Trust: 1.3
db:JVNDBid:JVNDB-2019-002115
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-7615
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-7616
Trust: 0.7
db:ZDIid:ZDI-19-226
Trust: 0.7
db:NSFOCUSid:43679
Trust: 0.6
db:AUSCERTid:ESB-2019.0520
Trust: 0.6
db:CNNVDid:CNNVD-201902-740
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-227 // 
            
            
            
            ZDI: ZDI-19-226 // 
            
            
            
            BID: 107087 // 
            
            
            
            JVNDB: JVNDB-2019-002115 // 
            
            
            
            CNNVD: CNNVD-201902-740 // 
            
            
            
            NVD: CVE-2019-6555

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-050-03
Trust: 4.7
url:http://www.securityfocus.com/bid/107087
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-6555
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6555
Trust: 0.8
url:https://www.auscert.org.au/bulletins/75822
Trust: 0.6
url:http://www.nsfocus.net/vulndb/43679
Trust: 0.6
url:https://www.zerodayinitiative.com/advisories/zdi-19-227/
Trust: 0.6
url:https://hornerautomation.com/cscape-software/
Trust: 0.3
url:https://hornerautomation.com/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-19-227 // 
            
            
            
            ZDI: ZDI-19-226 // 
            
            
            
            BID: 107087 // 
            
            
            
            JVNDB: JVNDB-2019-002115 // 
            
            
            
            CNNVD: CNNVD-201902-740 // 
            
            
            
            NVD: CVE-2019-6555

CREDITS
Anonymous
Trust: 1.4
sources:
            
            
            ZDI: ZDI-19-227 // 
            
            
            
            ZDI: ZDI-19-226

SOURCES
db:ZDIid:ZDI-19-227
db:ZDIid:ZDI-19-226
db:BIDid:107087
db:JVNDBid:JVNDB-2019-002115
db:CNNVDid:CNNVD-201902-740
db:NVDid:CVE-2019-6555

LAST UPDATE DATE
2024-08-14T15:34:04.936000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-227date:2019-02-20T00:00:00
db:ZDIid:ZDI-19-226date:2019-02-20T00:00:00
db:BIDid:107087date:2019-02-19T00:00:00
db:JVNDBid:JVNDB-2019-002115date:2019-04-03T00:00:00
db:CNNVDid:CNNVD-201902-740date:2019-10-17T00:00:00
db:NVDid:CVE-2019-6555date:2022-11-30T22:13:23.347

SOURCES RELEASE DATE
db:ZDIid:ZDI-19-227date:2019-02-20T00:00:00
db:ZDIid:ZDI-19-226date:2019-02-20T00:00:00
db:BIDid:107087date:2019-02-19T00:00:00
db:JVNDBid:JVNDB-2019-002115date:2019-04-03T00:00:00
db:CNNVDid:CNNVD-201902-740date:2019-02-19T00:00:00
db:NVDid:CVE-2019-6555date:2019-02-28T20:29:00.323