Sign-up

ID

VAR-201902-0644


CVE

CVE-2018-19020


TITLE

OMRON CX-Supervisor Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-001051

DESCRIPTION

When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * Code injection (CWE-94) - CVE-2018-19011 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Command injection (CWE-77) - CVE-2018-19013 By processing a specially crafted project file, files on the device and their contents are deleted. * Command injection (CWE-77) - CVE-2018-19015 By processing a specially crafted project file, the program is executed with the authority of the application, and a file on the device is created, written and read. * Use After Free ( Use of freed memory ) (CWE-416) - CVE-2018-19017 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Access of Resource Using Incompatible Type ( Mixing of molds ) (CWE-843) - CVE-2018-19019 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Access of Uninitialized Pointer ( Uninitialized pointer access ) (CWE-824) - CVE-2018-19018 By processing a specially crafted project file, arbitrary code can be executed with application privileges. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SCS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan. A security vulnerability exists in Omron CX-Supervisor 3.42 and earlier

Trust: 2.34

sources: NVD: CVE-2018-19020 // JVNDB: JVNDB-2019-001051 // ZDI: ZDI-19-173 // VULHUB: VHN-129638

AFFECTED PRODUCTS

vendor:omronmodel:cx-supervisorscope:lteversion:3.42

Trust: 1.0

vendor:omronmodel:cx-supervisorscope:lteversion:version 3.42

Trust: 0.8

vendor:omronmodel:cx-supervisorscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-19-173 // JVNDB: JVNDB-2019-001051 // NVD: CVE-2018-19020

CVSS

SEVERITY

CVSSV2

CVSSV3

JPCERT/CC: JVNDB-2019-001051
value: HIGH

Trust: 3.2

JPCERT/CC: JVNDB-2019-001051
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-19020
value: MEDIUM

Trust: 1.0

JPCERT/CC: JVNDB-2019-001051
value: LOW

Trust: 0.8

ZDI: CVE-2018-19020
value: LOW

Trust: 0.7

CNNVD: CNNVD-201902-511
value: MEDIUM

Trust: 0.6

VULHUB: VHN-129638
value: LOW

Trust: 0.1

JPCERT/CC: JVNDB-2019-001051
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 3.2

nvd@nist.gov: CVE-2018-19020
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-001051
severity: MEDIUM
baseScore: 4.5
vectorString: AV:L/AC:H/AU:S/C:N/I:P/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-129638
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

JPCERT/CC: JVNDB-2019-001051
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 3.2

nvd@nist.gov: CVE-2018-19020
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.3
impactScore: 3.6
version: 3.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-001051
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

JPCERT/CC: JVNDB-2019-001051
baseSeverity: LOW
baseScore: 2.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2018-19020
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-19-173 // VULHUB: VHN-129638 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // JVNDB: JVNDB-2019-001051 // CNNVD: CNNVD-201902-511 // NVD: CVE-2018-19020

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-129638 // NVD: CVE-2018-19020

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-511

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201902-511

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001051

PATCH
title:Release Notes For CX-Supervisor 3.5url:https://www.myomron.com/index.php?action=kb&article=1711
Trust: 0.8
title:Omron has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01
Trust: 0.7
title:Omron CX-Supervisor Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89322
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-173 // 
            
            
            
            JVNDB: JVNDB-2019-001051 // 
            
            
            
            CNNVD: CNNVD-201902-511

EXTERNAL IDS
db:NVDid:CVE-2018-19020
Trust: 3.2
db:ICS CERTid:ICSA-19-017-01
Trust: 2.5
db:JVNid:JVNVU90014171
Trust: 0.8
db:JVNDBid:JVNDB-2019-001051
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-7464
Trust: 0.7
db:ZDIid:ZDI-19-173
Trust: 0.7
db:CNNVDid:CNNVD-201902-511
Trust: 0.7
db:VULHUBid:VHN-129638
Trust: 0.1
sources:
            
            
            ZDI: ZDI-19-173 // 
            
            
            
            VULHUB: VHN-129638 // 
            
            
            
            JVNDB: JVNDB-2019-001051 // 
            
            
            
            CNNVD: CNNVD-201902-511 // 
            
            
            
            NVD: CVE-2018-19020

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-017-01
Trust: 3.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-19020
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19019
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19018
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19020
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19011
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19013
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19015
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19017
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90014171/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19019
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19018
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19011
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19013
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19015
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19017
Trust: 0.8
sources:
            
            
            ZDI: ZDI-19-173 // 
            
            
            
            VULHUB: VHN-129638 // 
            
            
            
            JVNDB: JVNDB-2019-001051 // 
            
            
            
            CNNVD: CNNVD-201902-511 // 
            
            
            
            NVD: CVE-2018-19020

CREDITS
Michael DePlante of Trend Micro Zero Day Initiative
Trust: 0.7
sources:
            
            
            ZDI: ZDI-19-173

SOURCES
db:ZDIid:ZDI-19-173
db:VULHUBid:VHN-129638
db:JVNDBid:JVNDB-2019-001051
db:CNNVDid:CNNVD-201902-511
db:NVDid:CVE-2018-19020

LAST UPDATE DATE
2024-11-23T22:21:50.945000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-173date:2019-02-08T00:00:00
db:VULHUBid:VHN-129638date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-001051date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201902-511date:2019-10-17T00:00:00
db:NVDid:CVE-2018-19020date:2024-11-21T03:57:10.860

SOURCES RELEASE DATE
db:ZDIid:ZDI-19-173date:2019-02-08T00:00:00
db:VULHUBid:VHN-129638date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2019-001051date:2019-01-21T00:00:00
db:CNNVDid:CNNVD-201902-511date:2019-02-12T00:00:00
db:NVDid:CVE-2018-19020date:2019-02-12T22:29:00.407