Vulnerability CVE-2018-0651


Published: 2019-01-09

Description:
Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Yokogawa -> Astplanner 
Yokogawa -> Trifellows 
Yokogawa -> Idefine for prosafe-rs firmware 
Yokogawa -> Stardom fcn/fcj simulator firmware 
Yokogawa -> Stardom versatile data server firmware 

 References:
http://www.securityfocus.com/bid/105124
https://jvn.jp/vu/JVNVU93845358/
https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf

Copyright 2020, cxsecurity.com

 

Back to Top