Sign-up

ID

VAR-201904-0185


CVE

CVE-2019-6556


TITLE

OMRON CX-One Free memory usage vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002360

DESCRIPTION

When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CXP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Omron CX-Programmer is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. Omron CX-Programmer version 9.70 and prior are vulnerable; other versions may also be vulnerable. Both Omron CX-Programmer and Omron Common Components are products of Omron Corporation of Japan. Omron CX-Programmer is a PLC (Programmable Logic Controller) programming software. Omron Common Components is a PLC common component. This product includes PLC tools such as I/O table, PLC memory, PLC system setup, data trace/time graph monitoring, PLC error log, file memory, PLC clock, routing table and data link table. A resource management error vulnerability exists in Omron CX-Programmer 9.70 and earlier and Common Components 2019-1 and earlier. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 2.61

sources: NVD: CVE-2019-6556 // JVNDB: JVNDB-2019-002360 // ZDI: ZDI-19-344 // BID: 107773 // VULHUB: VHN-157991

AFFECTED PRODUCTS

vendor:omronmodel:cx-programmerscope:lteversion:9.70

Trust: 1.8

vendor:omronmodel:common componentsscope:lteversion:2019-01

Trust: 1.0

vendor:omronmodel:common componentsscope:lteversion:january 2019

Trust: 0.8

vendor:omronmodel:cx-onescope: - version: -

Trust: 0.7

vendor:omronmodel:cx-programmerscope:eqversion:9.70

Trust: 0.3

vendor:omronmodel:cx-programmerscope:eqversion:9.66

Trust: 0.3

vendor:omronmodel:cx-programmerscope:eqversion:9.65

Trust: 0.3

vendor:omronmodel:cx-programmerscope:neversion:9.71

Trust: 0.3

sources: ZDI: ZDI-19-344 // BID: 107773 // JVNDB: JVNDB-2019-002360 // NVD: CVE-2019-6556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6556
value: MEDIUM

Trust: 1.0

JPCERT/CC: JVNDB-2019-002360
value: MEDIUM

Trust: 0.8

ZDI: CVE-2019-6556
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201904-228
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157991
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6556
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-002360
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-157991
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6556
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.7
version: 3.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-002360
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-6556
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-19-344 // VULHUB: VHN-157991 // JVNDB: JVNDB-2019-002360 // CNNVD: CNNVD-201904-228 // NVD: CVE-2019-6556

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-157991 // JVNDB: JVNDB-2019-002360 // NVD: CVE-2019-6556

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201904-228

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201904-228

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002360

PATCH
title:CX-One バージョンアップ プログラム ダウンロードurl:https://www.fa.omron.co.jp/product/tool/26/cxone/one1.html
Trust: 0.8
title:CX-Programmer の更新内容 | Ver.9.71 : CX-Oneオートアップデート(V4向け_2019年4月)url:https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#cx_programmer
Trust: 0.8
title:共通モジュール の更新内容 | − :CX-Oneオートアップデート(V4向け_2019年4月)url:https://www.fa.omron.co.jp/product/tool/26/cxone/j4_doc.html#common_module
Trust: 0.8
title:Omron has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01
Trust: 0.7
title:Omron CX-Programmer Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91096
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-344 // 
            
            
            
            JVNDB: JVNDB-2019-002360 // 
            
            
            
            CNNVD: CNNVD-201904-228

EXTERNAL IDS
db:NVDid:CVE-2019-6556
Trust: 3.5
db:ICS CERTid:ICSA-19-094-01
Trust: 2.8
db:ZDIid:ZDI-19-344
Trust: 2.4
db:BIDid:107773
Trust: 1.0
db:JVNid:JVNVU98267543
Trust: 0.8
db:JVNDBid:JVNDB-2019-002360
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6609
Trust: 0.7
db:CNNVDid:CNNVD-201904-228
Trust: 0.7
db:AUSCERTid:ESB-2019.1152
Trust: 0.6
db:VULHUBid:VHN-157991
Trust: 0.1
sources:
            
            
            ZDI: ZDI-19-344 // 
            
            
            
            VULHUB: VHN-157991 // 
            
            
            
            BID: 107773 // 
            
            
            
            JVNDB: JVNDB-2019-002360 // 
            
            
            
            CNNVD: CNNVD-201904-228 // 
            
            
            
            NVD: CVE-2019-6556

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-094-01
Trust: 3.5
url:https://www.zerodayinitiative.com/advisories/zdi-19-344/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-6556
Trust: 1.4
url:http://www.securityfocus.com/bid/107773
Trust: 1.2
url:https://industrial.omron.us/en/home
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6556
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98267543/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/78474
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-344 // 
            
            
            
            VULHUB: VHN-157991 // 
            
            
            
            BID: 107773 // 
            
            
            
            JVNDB: JVNDB-2019-002360 // 
            
            
            
            CNNVD: CNNVD-201904-228 // 
            
            
            
            NVD: CVE-2019-6556

CREDITS
Esteban Ruiz (mr_me) of Source Incite
Trust: 0.7
sources:
            
            
            ZDI: ZDI-19-344

SOURCES
db:ZDIid:ZDI-19-344
db:VULHUBid:VHN-157991
db:BIDid:107773
db:JVNDBid:JVNDB-2019-002360
db:CNNVDid:CNNVD-201904-228
db:NVDid:CVE-2019-6556

LAST UPDATE DATE
2024-11-23T21:52:22.055000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-344date:2019-04-15T00:00:00
db:VULHUBid:VHN-157991date:2019-04-15T00:00:00
db:BIDid:107773date:2019-04-04T00:00:00
db:JVNDBid:JVNDB-2019-002360date:2019-09-30T00:00:00
db:CNNVDid:CNNVD-201904-228date:2019-04-16T00:00:00
db:NVDid:CVE-2019-6556date:2024-11-21T04:46:41.313

SOURCES RELEASE DATE
db:ZDIid:ZDI-19-344date:2019-04-15T00:00:00
db:VULHUBid:VHN-157991date:2019-04-10T00:00:00
db:BIDid:107773date:2019-04-04T00:00:00
db:JVNDBid:JVNDB-2019-002360date:2019-04-08T00:00:00
db:CNNVDid:CNNVD-201904-228date:2019-04-04T00:00:00
db:NVDid:CVE-2019-6556date:2019-04-10T20:29:01.210