CVE-2018-0651

Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/105124	Third Party Advisory VDB Entry
https://jvn.jp/vu/JVNVU93845358/	Third Party Advisory
https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:yokogawa:idefine_for_prosafe-rs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:idefine_for_prosafe-rs:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:yokogawa:stardom_versatile_data_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:stardom_versatile_data_server:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:yokogawa:stardom_fcn\/fcj_simulator_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:stardom_fcn\/fcj_simulator:-:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:yokogawa:astplanner:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:yokogawa:trifellows:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-01-09 23:29

Updated : 2024-02-04 20:03

NVD link : CVE-2018-0651

Mitre link : CVE-2018-0651

CVE.ORG link : CVE-2018-0651

JSON object : View

Products Affected

yokogawa

idefine_for_prosafe-rs
trifellows
idefine_for_prosafe-rs_firmware
astplanner
stardom_fcn\/fcj_simulator_firmware
stardom_versatile_data_server
stardom_fcn\/fcj_simulator
stardom_versatile_data_server_firmware

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2018-0651", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-01-09T23:29:01.310", "references": [{"url": "http://www.securityfocus.com/bid/105124", "tags": ["Third Party Advisory", "VDB Entry"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/vu/JVNVU93845358/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la funci\u00f3n license management de los productos YOKOGAWA (iDefine para ProSafe-RS R1.16.3 y anteriores, STARDOM VDS R7.50 y anteriores, STARDOM FCN/FCJ Simulator R4.20 y anteriores, ASTPLANNER R15.01 y anteriores y TriFellows V5.04 y anteriores) permite a los atacantes remotos detener la funci\u00f3n license management o ejecutar un programa arbitrario mediante vectores sin especificar."}], "lastModified": "2019-02-11T15:10:59.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:idefine_for_prosafe-rs_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7851E070-90AB-4D59-8344-0EE2793CA6FE", "versionEndIncluding": "r1.16.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:idefine_for_prosafe-rs:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "32A41D85-4B1C-4BC2-985B-EEF7B2A54CB4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:stardom_versatile_data_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77AA433A-952F-4E08-809F-33AFCCD4F78F", "versionEndIncluding": "r7.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:stardom_versatile_data_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F710319-2FCB-4917-AFF4-879A083018B9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:stardom_fcn\\/fcj_simulator_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "627067AE-6ABE-4FE2-A449-2BC0CA3FE44F", "versionEndIncluding": "r4.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:stardom_fcn\\/fcj_simulator:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CEC8244-968F-45D9-BFEB-FFF947CCCA16"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:astplanner:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB408657-A584-4D66-A178-E84487FF6481", "versionEndIncluding": "r15.01"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:trifellows:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8D1FBF3-9F09-4C11-BBBC-4B105DBC3460", "versionEndIncluding": "v5.04"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}