Details of VAR-201910-1211

ID

VAR-201910-1211

CVE

CVE-2019-13541

TITLE

Horner Automation Cscape Input validation error vulnerability

Trust: 1.4

sources: IVD: 44f0526f-dea9-4432-8189-6feef60c5577 // CNVD: CNVD-2019-38466 // CNNVD: CNNVD-201910-1222

DESCRIPTION

In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. Horner Automation Cscape is a set of programming software for the development of industrial control systems by Horner Automation

Trust: 2.97

sources: NVD: CVE-2019-13541 // JVNDB: JVNDB-2019-011073 // ZDI: ZDI-19-902 // CNVD: CNVD-2019-38466 // IVD: 44f0526f-dea9-4432-8189-6feef60c5577

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 44f0526f-dea9-4432-8189-6feef60c5577 // CNVD: CNVD-2019-38466

AFFECTED PRODUCTS

vendor:	hornerautomation	model:	cscape	scope:	lte	version:	9.90	Trust: 1.0
vendor:	horner automation	model:	cscape	scope:	lte	version:	9.90	Trust: 0.8
vendor:	horner automation	model:	cscape	scope:	-	version:	-	Trust: 0.7
vendor:	horner	model:	automation cscape	scope:	lte	version:	<=9.90	Trust: 0.6
vendor:	cscape	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 44f0526f-dea9-4432-8189-6feef60c5577 // ZDI: ZDI-19-902 // CNVD: CNVD-2019-38466 // JVNDB: JVNDB-2019-011073 // NVD: CVE-2019-13541

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13541
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-13541
value:	HIGH
Trust: 0.8
ZDI:	CVE-2019-13541
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2019-38466
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201910-1222
value:	HIGH
Trust: 0.6
IVD:	44f0526f-dea9-4432-8189-6feef60c5577
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2019-13541
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-38466
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	44f0526f-dea9-4432-8189-6feef60c5577
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-13541
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-13541
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2019-13541
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: IVD: 44f0526f-dea9-4432-8189-6feef60c5577 // ZDI: ZDI-19-902 // CNVD: CNVD-2019-38466 // JVNDB: JVNDB-2019-011073 // CNNVD: CNNVD-201910-1222 // NVD: CVE-2019-13541

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.8
problemtype:	CWE-787	Trust: 1.0

sources: JVNDB: JVNDB-2019-011073 // NVD: CVE-2019-13541

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1222

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1222

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011073

PATCH

title:	Cscape	url:	http://www.horner-apg.com/en/products/software/cscape.aspx	Trust: 0.8
title:	Horner Automation has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-19-290-02	Trust: 0.7
title:	Patch for Horner Automation Cscape Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/188073	Trust: 0.6

sources: ZDI: ZDI-19-902 // CNVD: CNVD-2019-38466 // JVNDB: JVNDB-2019-011073

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13541	Trust: 3.9
db:	ICS CERT	id:	ICSA-19-290-02	Trust: 3.0
db:	ZDI	id:	ZDI-19-902	Trust: 2.3
db:	CNVD	id:	CNVD-2019-38466	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-1222	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-011073	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-8444	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3885	Trust: 0.6
db:	IVD	id:	44F0526F-DEA9-4432-8189-6FEEF60C5577	Trust: 0.2

sources: IVD: 44f0526f-dea9-4432-8189-6feef60c5577 // ZDI: ZDI-19-902 // CNVD: CNVD-2019-38466 // JVNDB: JVNDB-2019-011073 // CNNVD: CNNVD-201910-1222 // NVD: CVE-2019-13541

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-290-02	Trust: 4.3
url:	https://www.zerodayinitiative.com/advisories/zdi-19-902/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13541	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13541	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.3885/	Trust: 0.6

sources: ZDI: ZDI-19-902 // CNVD: CNVD-2019-38466 // JVNDB: JVNDB-2019-011073 // CNNVD: CNNVD-201910-1222 // NVD: CVE-2019-13541

CREDITS

Francis Provencher {PRL}

Trust: 1.3

sources: ZDI: ZDI-19-902 // CNNVD: CNNVD-201910-1222

SOURCES

db:	IVD	id:	44f0526f-dea9-4432-8189-6feef60c5577
db:	ZDI	id:	ZDI-19-902
db:	CNVD	id:	CNVD-2019-38466
db:	JVNDB	id:	JVNDB-2019-011073
db:	CNNVD	id:	CNNVD-201910-1222
db:	NVD	id:	CVE-2019-13541

LAST UPDATE DATE

2024-08-14T14:04:10.702000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-902	date:	2019-10-18T00:00:00
db:	CNVD	id:	CNVD-2019-38466	date:	2019-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-011073	date:	2019-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-1222	date:	2020-10-10T00:00:00
db:	NVD	id:	CVE-2019-13541	date:	2020-10-09T12:54:44.273

SOURCES RELEASE DATE

db:	IVD	id:	44f0526f-dea9-4432-8189-6feef60c5577	date:	2019-11-01T00:00:00
db:	ZDI	id:	ZDI-19-902	date:	2019-10-18T00:00:00
db:	CNVD	id:	CNVD-2019-38466	date:	2019-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2019-011073	date:	2019-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-1222	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-13541	date:	2019-10-18T19:15:10.960