Details of VAR-201911-1039

ID

VAR-201911-1039

CVE

CVE-2019-18251

TITLE

Omron CX-Supervisor and Teamviewer Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-012792

DESCRIPTION

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit. Omron CX-Supervisor and Teamviewer Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of OMRON CX-Supervisor. The issue results from the use of an outdated version of Teamviewer containing known vulnerabilities. An attacker can leverage this vulnerability to execute code in the context of the current process. Omron CX-Supervisor is a visual machine controller from Japan's Omron. CX-Supervisor has an unknown vulnerability, which can be used by an attacker to cause information leakage, comprehensive damage to the system, and denial of service. TeamViewer is a set of software for remote control, desktop sharing and file transfer of German TeamViewer company

Trust: 3.15

sources: NVD: CVE-2019-18251 // JVNDB: JVNDB-2019-012792 // ZDI: ZDI-19-997 // CNVD: CNVD-2019-42429 // IVD: 72b943a0-4d32-4f39-8090-625814291929 // VULHUB: VHN-150579 // VULMON: CVE-2019-18251

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 72b943a0-4d32-4f39-8090-625814291929 // CNVD: CNVD-2019-42429

AFFECTED PRODUCTS

vendor:	teamviewer	model:	teamviewer	scope:	eq	version:	5.0.8703_qs	Trust: 1.0
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	3.5\(12\)	Trust: 1.0
vendor:	teamviewer	model:	teamviewer	scope:	eq	version:	5.0.8703 qs	Trust: 0.8
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	3.5 (12)	Trust: 0.8
vendor:	omron	model:	cx-supervisor	scope:	-	version:	-	Trust: 0.7
vendor:	omron	model:	cx-supervisor	scope:	lte	version:	<=3.5(12)	Trust: 0.6
vendor:	cx supervisor	model:	-	scope:	lte	version:	<=3.5(12)	Trust: 0.2

sources: IVD: 72b943a0-4d32-4f39-8090-625814291929 // ZDI: ZDI-19-997 // CNVD: CNVD-2019-42429 // JVNDB: JVNDB-2019-012792 // NVD: CVE-2019-18251

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-18251
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-18251
value:	HIGH
Trust: 0.8
ZDI:	CVE-2019-18251
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2019-42429
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201911-999
value:	HIGH
Trust: 0.6
IVD:	72b943a0-4d32-4f39-8090-625814291929
value:	HIGH
Trust: 0.2
VULHUB:	VHN-150579
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-18251
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-18251
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-42429
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	72b943a0-4d32-4f39-8090-625814291929
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-150579
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-18251
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-18251
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2019-18251
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: IVD: 72b943a0-4d32-4f39-8090-625814291929 // ZDI: ZDI-19-997 // CNVD: CNVD-2019-42429 // VULHUB: VHN-150579 // VULMON: CVE-2019-18251 // JVNDB: JVNDB-2019-012792 // CNNVD: CNNVD-201911-999 // NVD: CVE-2019-18251

PROBLEMTYPE DATA

problemtype:	CWE-477	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: NVD: CVE-2019-18251

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-999

TYPE

other

Trust: 0.8

sources: IVD: 72b943a0-4d32-4f39-8090-625814291929 // CNNVD: CNNVD-201911-999

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012792

PATCH

title:	Top Page	url:	https://www.fa.omron.co.jp/	Trust: 0.8
title:	Top Page	url:	https://www.teamviewer.com/ja/	Trust: 0.8
title:	Omron has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-19-318-04	Trust: 0.7
title:	Patch for Omron CX-Supervisor has an unknown vulnerability (CNVD-2019-42429)	url:	https://www.cnvd.org.cn/patchInfo/show/192107	Trust: 0.6
title:	Omron CX-Supervisor Teamviewer Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103868	Trust: 0.6
title:	nvd_scrapper	url:	https://github.com/abhav/nvd_scrapper	Trust: 0.1

sources: ZDI: ZDI-19-997 // CNVD: CNVD-2019-42429 // VULMON: CVE-2019-18251 // JVNDB: JVNDB-2019-012792 // CNNVD: CNNVD-201911-999

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18251	Trust: 4.1
db:	ZDI	id:	ZDI-19-997	Trust: 3.3
db:	ICS CERT	id:	ICSA-19-318-04	Trust: 3.2
db:	CNNVD	id:	CNNVD-201911-999	Trust: 0.9
db:	CNVD	id:	CNVD-2019-42429	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-012792	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9313	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4729	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4314	Trust: 0.6
db:	NSFOCUS	id:	47528	Trust: 0.6
db:	IVD	id:	72B943A0-4D32-4F39-8090-625814291929	Trust: 0.2
db:	VULHUB	id:	VHN-150579	Trust: 0.1
db:	VULMON	id:	CVE-2019-18251	Trust: 0.1

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-318-04	Trust: 3.9
url:	https://www.zerodayinitiative.com/advisories/zdi-19-997/	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18251	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18251	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.4729/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47528	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4314/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/171553	Trust: 0.1
url:	https://github.com/abhav/nvd_scrapper	Trust: 0.1

sources: ZDI: ZDI-19-997 // CNVD: CNVD-2019-42429 // VULHUB: VHN-150579 // VULMON: CVE-2019-18251 // JVNDB: JVNDB-2019-012792 // CNNVD: CNNVD-201911-999 // NVD: CVE-2019-18251

CREDITS

Michael DePlante

Trust: 1.3

sources: ZDI: ZDI-19-997 // CNNVD: CNNVD-201911-999

SOURCES

db:	IVD	id:	72b943a0-4d32-4f39-8090-625814291929
db:	ZDI	id:	ZDI-19-997
db:	CNVD	id:	CNVD-2019-42429
db:	VULHUB	id:	VHN-150579
db:	VULMON	id:	CVE-2019-18251
db:	JVNDB	id:	JVNDB-2019-012792
db:	CNNVD	id:	CNNVD-201911-999
db:	NVD	id:	CVE-2019-18251

LAST UPDATE DATE

2024-11-23T22:33:39.414000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-997	date:	2019-12-09T00:00:00
db:	CNVD	id:	CNVD-2019-42429	date:	2019-11-27T00:00:00
db:	VULHUB	id:	VHN-150579	date:	2019-12-11T00:00:00
db:	VULMON	id:	CVE-2019-18251	date:	2019-12-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-012792	date:	2019-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201911-999	date:	2020-08-10T00:00:00
db:	NVD	id:	CVE-2019-18251	date:	2024-11-21T04:32:55.383

SOURCES RELEASE DATE

db:	IVD	id:	72b943a0-4d32-4f39-8090-625814291929	date:	2019-11-27T00:00:00
db:	ZDI	id:	ZDI-19-997	date:	2019-12-09T00:00:00
db:	CNVD	id:	CNVD-2019-42429	date:	2019-11-27T00:00:00
db:	VULHUB	id:	VHN-150579	date:	2019-11-26T00:00:00
db:	VULMON	id:	CVE-2019-18251	date:	2019-11-26T00:00:00
db:	JVNDB	id:	JVNDB-2019-012792	date:	2019-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201911-999	date:	2019-11-14T00:00:00
db:	NVD	id:	CVE-2019-18251	date:	2019-11-26T00:15:11.857