Sign-up

ID

VAR-202110-0968


CVE

CVE-2021-20836


TITLE

Made by OMRON  CX-Supervisor  Out-of-bounds memory reference vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-003080

DESCRIPTION

Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files. Provided by OMRON Corporation CX-Supervisor Is a memory reference outside the area ( CWE-125 , CVE-2021-20836 ) Vulnerability exists. The following is the vulnerability information JPCERT/CC Report to JPCERT/CC Coordinated with the developers

Trust: 1.8

sources: NVD: CVE-2021-20836 // JVNDB: JVNDB-2021-003080 // VULHUB: VHN-378512 // VULMON: CVE-2021-20836

AFFECTED PRODUCTS

vendor:omronmodel:cx-supervisorscope:eqversion:4.0.0.13

Trust: 1.0

vendor:omronmodel:cx-supervisorscope:eqversion:4.0.0.16

Trust: 1.0

vendor:オムロン株式会社model:cx-supervisorscope:eqversion:v4.0.0.13

Trust: 0.8

vendor:オムロン株式会社model:cx-supervisorscope:eqversion:v4.0.0.16

Trust: 0.8

vendor:オムロン株式会社model:cx-supervisorscope:eqversion: -

Trust: 0.8

vendor:オムロン株式会社model:cx-supervisorscope:eqversion:also, is a product sold only outside japan.

Trust: 0.8

sources: JVNDB: JVNDB-2021-003080 // NVD: CVE-2021-20836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20836
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2021-003080
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202110-1213
value: MEDIUM

Trust: 0.6

VULHUB: VHN-378512
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-20836
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-20836
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-378512
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-20836
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.6
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-003080
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-378512 // VULMON: CVE-2021-20836 // JVNDB: JVNDB-2021-003080 // CNNVD: CNNVD-202110-1213 // NVD: CVE-2021-20836

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-378512 // JVNDB: JVNDB-2021-003080 // NVD: CVE-2021-20836

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-1213

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202110-1213

PATCH

title:Release Notes For CX-Supervisor 4.1.1.2 OMRON Corporationurl:https://www.myomron.com/index.php?action=kb&article=1692

Trust: 0.8

title:Omron CX-Supervisor Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167088

Trust: 0.6

sources: JVNDB: JVNDB-2021-003080 // CNNVD: CNNVD-202110-1213

EXTERNAL IDS

db:JVNid:JVNVU90041391

Trust: 2.6

db:NVDid:CVE-2021-20836

Trust: 2.6

db:JVNDBid:JVNDB-2021-003080

Trust: 1.4

db:CNNVDid:CNNVD-202110-1213

Trust: 0.6

db:VULHUBid:VHN-378512

Trust: 0.1

db:VULMONid:CVE-2021-20836

Trust: 0.1

sources: VULHUB: VHN-378512 // VULMON: CVE-2021-20836 // JVNDB: JVNDB-2021-003080 // CNNVD: CNNVD-202110-1213 // NVD: CVE-2021-20836

REFERENCES

url:https://jvn.jp/en/vu/jvnvu90041391/index.html

Trust: 1.8

url:https://www.myomron.com/index.php?action=kb&article=1692

Trust: 1.7

url:https://jvn.jp/vu/jvnvu90041391/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-20836

Trust: 0.8

url:https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-003080.html

Trust: 0.6

url:https://www.myomron.com/index.php?action=kb&article=1692

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-378512 // VULMON: CVE-2021-20836 // JVNDB: JVNDB-2021-003080 // CNNVD: CNNVD-202110-1213 // NVD: CVE-2021-20836

SOURCES

db:VULHUBid:VHN-378512
db:VULMONid:CVE-2021-20836
db:JVNDBid:JVNDB-2021-003080
db:CNNVDid:CNNVD-202110-1213
db:NVDid:CVE-2021-20836

LAST UPDATE DATE

2024-08-14T15:37:52.499000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-378512date:2021-10-22T00:00:00
db:VULMONid:CVE-2021-20836date:2021-10-22T00:00:00
db:JVNDBid:JVNDB-2021-003080date:2021-11-01T06:34:00
db:CNNVDid:CNNVD-202110-1213date:2021-10-25T00:00:00
db:NVDid:CVE-2021-20836date:2021-10-22T17:02:14.547

SOURCES RELEASE DATE

db:VULHUBid:VHN-378512date:2021-10-19T00:00:00
db:VULMONid:CVE-2021-20836date:2021-10-19T00:00:00
db:JVNDBid:JVNDB-2021-003080date:2021-10-18T00:00:00
db:CNNVDid:CNNVD-202110-1213date:2021-10-15T00:00:00
db:NVDid:CVE-2021-20836date:2021-10-19T03:15:06.887