Search criteria
12 vulnerabilities found for e-designer by mitsubishielectric
VAR-201804-0783
Vulnerability from variot - Updated: 2023-12-18 12:36Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a driver configuration file when initializing the BEMicroLogix component. When parsing the property TCP_IP_Address, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0783",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e-designer",
"scope": null,
"trust": 3.5,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "e-designer",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishielectric",
"version": "7.52"
},
{
"model": "e-designer",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "7.52 build 344"
},
{
"model": "electric europe b.v. e-designer build",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"model": "electric e-designer build",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "e designer",
"version": "7.52"
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:e-designer:7.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
}
],
"trust": 3.5
},
"cve": "CVE-2017-9636",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9636",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 3.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-9636",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-22836",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9636",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-9636",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9636",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-22836",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-867",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-9636",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a driver configuration file when initializing the BEMicroLogix component. When parsing the property TCP_IP_Address, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9636"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9636",
"trust": 7.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100097",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-22836",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3802",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-510",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3794",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-518",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3795",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-517",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3800",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-512",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3801",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-511",
"trust": 0.7
},
{
"db": "IVD",
"id": "DE3E14C2-EB4D-4863-9A11-51565DA2E669",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-9636",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
]
},
"id": "VAR-201804-0783",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
}
]
},
"last_update_date": "2023-12-18T12:36:52.098000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/"
},
{
"title": "Patch for Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability (CNVD-2017-22836)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100853"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 6.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9636"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9636"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"date": "2018-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097"
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"date": "2018-04-17T14:29:00.417000",
"db": "NVD",
"id": "CVE-2017-9636"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097"
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"date": "2019-10-09T23:30:44.737000",
"db": "NVD",
"id": "CVE-2017-9636"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi E-Designer Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
],
"trust": 0.8
}
}
VAR-201804-0784
Vulnerability from variot - Updated: 2023-12-18 12:36Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of SetupAlarm sections of a mpa (project specification) file. When parsing the property Font, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0784",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e-designer",
"scope": null,
"trust": 4.2,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "e-designer",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishielectric",
"version": "7.52"
},
{
"model": "e-designer",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "7.52 build 344"
},
{
"model": "electric europe b.v. e-designer build",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"model": "electric e-designer build",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "e designer",
"version": "7.52"
}
],
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:e-designer:7.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9638"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
}
],
"trust": 4.2
},
"cve": "CVE-2017-9638",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9638",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 4.2,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-9638",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-22835",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9638",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-9638",
"trust": 4.2,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9638",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-22835",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-865",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-9638",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "VULMON",
"id": "CVE-2017-9638"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of SetupAlarm sections of a mpa (project specification) file. When parsing the property Font, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9638"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "VULMON",
"id": "CVE-2017-9638"
}
],
"trust": 6.48
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9638",
"trust": 7.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100097",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-22835",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3803",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-508",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3808",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-509",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3796",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-516",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3798",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-514",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3799",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-513",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3797",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-515",
"trust": 0.7
},
{
"db": "IVD",
"id": "BA5B1D78-480A-4BC9-A667-E19335367D20",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-9638",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "VULMON",
"id": "CVE-2017-9638"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
]
},
"id": "VAR-201804-0784",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
}
]
},
"last_update_date": "2023-12-18T12:36:52.212000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
"trust": 4.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/"
},
{
"title": "Patch for Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100854"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 7.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9638"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9638"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "VULMON",
"id": "CVE-2017-9638"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "VULMON",
"id": "CVE-2017-9638"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"date": "2018-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9638"
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097"
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"date": "2018-04-17T14:29:00.463000",
"db": "NVD",
"id": "CVE-2017-9638"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9638"
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097"
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"date": "2019-10-09T23:30:44.957000",
"db": "NVD",
"id": "CVE-2017-9638"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
],
"trust": 0.8
}
}
VAR-201804-0782
Vulnerability from variot - Updated: 2023-12-18 12:36Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of TxStaticString sections of a mpa (project specification) file. An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. Mitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0782",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e-designer",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishielectric",
"version": "7.52"
},
{
"model": "e-designer",
"scope": null,
"trust": 1.4,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "e-designer",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "7.52 build 344"
},
{
"model": "electric europe b.v. e-designer build",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"model": "electric e-designer build",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "e designer",
"version": "7.52"
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:e-designer:7.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
}
],
"trust": 1.4
},
"cve": "CVE-2017-9634",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9634",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-9634",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22837",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9634",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9634",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2017-9634",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-22837",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-869",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-9634",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of TxStaticString sections of a mpa (project specification) file. An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. \nMitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9634"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
}
],
"trust": 3.96
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9634",
"trust": 5.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100097",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-22837",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3804",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-507",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3759",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-506",
"trust": 0.7
},
{
"db": "IVD",
"id": "3F385BD9-7C1C-4E38-AD57-7DB92192B1A5",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-9634",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
]
},
"id": "VAR-201804-0782",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
}
]
},
"last_update_date": "2023-12-18T12:36:52.157000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/"
},
{
"title": "Mitsubishi Electric Europe B.V. E-Designer patch for out-of-bounds write vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100852"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9634"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9634"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"date": "2018-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097"
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"date": "2018-04-17T14:29:00.353000",
"db": "NVD",
"id": "CVE-2017-9634"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097"
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"date": "2019-10-09T23:30:44.470000",
"db": "NVD",
"id": "CVE-2017-9634"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi E-Designer Vulnerable to out-of-bounds writing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
],
"trust": 0.8
}
}
FKIE_CVE-2017-9634
Vulnerability from fkie_nvd - Published: 2018-04-17 14:29 - Updated: 2024-11-21 03:36
Severity ?
Summary
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/100097 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100097 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | e-designer | 7.52 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:e-designer:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "0F159210-BEA9-4E62-BFDD-84CD41852E0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
},
{
"lang": "es",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344, contiene dos secciones de c\u00f3digo que podr\u00edan ser explotadas para permitir que un atacante sobrescriba ubicaciones de memoria arbitrarias. Esto puede resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario, el compromiso de la integridad de los datos, denegaci\u00f3n de servicio (DoS) y cierre inesperado del sistema."
}
],
"id": "CVE-2017-9634",
"lastModified": "2024-11-21T03:36:33.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-17T14:29:00.353",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100097"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-9636
Vulnerability from fkie_nvd - Published: 2018-04-17 14:29 - Updated: 2024-11-21 03:36
Severity ?
Summary
Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/100097 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100097 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | e-designer | 7.52 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:e-designer:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "0F159210-BEA9-4E62-BFDD-84CD41852E0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
},
{
"lang": "es",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344, contiene cinco secciones de c\u00f3digo que podr\u00edan ser explotadas para sobrescribir la memoria din\u00e1mica (heap). Esto puede resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario, el compromiso de la integridad de los datos, denegaci\u00f3n de servicio (DoS) y cierre inesperado del sistema."
}
],
"id": "CVE-2017-9636",
"lastModified": "2024-11-21T03:36:33.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-17T14:29:00.417",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100097"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-9638
Vulnerability from fkie_nvd - Published: 2018-04-17 14:29 - Updated: 2024-11-21 03:36
Severity ?
Summary
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/100097 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100097 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | e-designer | 7.52 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:e-designer:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "0F159210-BEA9-4E62-BFDD-84CD41852E0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
},
{
"lang": "es",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344, contiene seis secciones de c\u00f3digo que podr\u00edan ser explotadas para sobrescribir la pila. Esto puede resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario, el compromiso de la integridad de los datos, denegaci\u00f3n de servicio (DoS) y cierre inesperado del sistema."
}
],
"id": "CVE-2017-9638",
"lastModified": "2024-11-21T03:36:34.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-17T14:29:00.463",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100097"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-9638 (GCVE-0-2017-9638)
Vulnerability from cvelistv5 – Published: 2018-04-17 14:00 – Updated: 2024-09-17 02:16
VLAI?
Summary
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
Severity ?
No CVSS data available.
CWE
- CWE-121 - Stack based buffer overflow CWE-121
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Europe B.V. | E-Designer |
Affected:
Version 7.52 Build 344.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E-Designer",
"vendor": "Mitsubishi Electric Europe B.V.",
"versions": [
{
"status": "affected",
"version": "Version 7.52 Build 344."
}
]
}
],
"datePublic": "2017-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-01T00:00:00",
"ID": "CVE-2017-9638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E-Designer",
"version": {
"version_data": [
{
"version_value": "Version 7.52 Build 344."
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Europe B.V."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9638",
"datePublished": "2018-04-17T14:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T02:16:13.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9634 (GCVE-0-2017-9634)
Vulnerability from cvelistv5 – Published: 2018-04-17 14:00 – Updated: 2024-09-17 00:02
VLAI?
Summary
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds write CWE-787
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Europe B.V. | E-Designer |
Affected:
Version 7.52 Build 344.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E-Designer",
"vendor": "Mitsubishi Electric Europe B.V.",
"versions": [
{
"status": "affected",
"version": "Version 7.52 Build 344."
}
]
}
],
"datePublic": "2017-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds write CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-01T00:00:00",
"ID": "CVE-2017-9634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E-Designer",
"version": {
"version_data": [
{
"version_value": "Version 7.52 Build 344."
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Europe B.V."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9634",
"datePublished": "2018-04-17T14:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T00:02:36.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9636 (GCVE-0-2017-9636)
Vulnerability from cvelistv5 – Published: 2018-04-17 14:00 – Updated: 2024-09-16 18:50
VLAI?
Summary
Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
Severity ?
No CVSS data available.
CWE
- CWE-122 - Heap based buffer overflow CWE-122
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Europe B.V. | E-Designer |
Affected:
Version 7.52 Build 344.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E-Designer",
"vendor": "Mitsubishi Electric Europe B.V.",
"versions": [
{
"status": "affected",
"version": "Version 7.52 Build 344."
}
]
}
],
"datePublic": "2017-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap based buffer overflow CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-01T00:00:00",
"ID": "CVE-2017-9636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E-Designer",
"version": {
"version_data": [
{
"version_value": "Version 7.52 Build 344."
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Europe B.V."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap based buffer overflow CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9636",
"datePublished": "2018-04-17T14:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-16T18:50:19.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9638 (GCVE-0-2017-9638)
Vulnerability from nvd – Published: 2018-04-17 14:00 – Updated: 2024-09-17 02:16
VLAI?
Summary
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
Severity ?
No CVSS data available.
CWE
- CWE-121 - Stack based buffer overflow CWE-121
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Europe B.V. | E-Designer |
Affected:
Version 7.52 Build 344.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E-Designer",
"vendor": "Mitsubishi Electric Europe B.V.",
"versions": [
{
"status": "affected",
"version": "Version 7.52 Build 344."
}
]
}
],
"datePublic": "2017-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-01T00:00:00",
"ID": "CVE-2017-9638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E-Designer",
"version": {
"version_data": [
{
"version_value": "Version 7.52 Build 344."
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Europe B.V."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9638",
"datePublished": "2018-04-17T14:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T02:16:13.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9634 (GCVE-0-2017-9634)
Vulnerability from nvd – Published: 2018-04-17 14:00 – Updated: 2024-09-17 00:02
VLAI?
Summary
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds write CWE-787
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Europe B.V. | E-Designer |
Affected:
Version 7.52 Build 344.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E-Designer",
"vendor": "Mitsubishi Electric Europe B.V.",
"versions": [
{
"status": "affected",
"version": "Version 7.52 Build 344."
}
]
}
],
"datePublic": "2017-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds write CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-01T00:00:00",
"ID": "CVE-2017-9634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E-Designer",
"version": {
"version_data": [
{
"version_value": "Version 7.52 Build 344."
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Europe B.V."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9634",
"datePublished": "2018-04-17T14:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T00:02:36.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9636 (GCVE-0-2017-9636)
Vulnerability from nvd – Published: 2018-04-17 14:00 – Updated: 2024-09-16 18:50
VLAI?
Summary
Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
Severity ?
No CVSS data available.
CWE
- CWE-122 - Heap based buffer overflow CWE-122
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Europe B.V. | E-Designer |
Affected:
Version 7.52 Build 344.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E-Designer",
"vendor": "Mitsubishi Electric Europe B.V.",
"versions": [
{
"status": "affected",
"version": "Version 7.52 Build 344."
}
]
}
],
"datePublic": "2017-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap based buffer overflow CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-01T00:00:00",
"ID": "CVE-2017-9636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E-Designer",
"version": {
"version_data": [
{
"version_value": "Version 7.52 Build 344."
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Europe B.V."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap based buffer overflow CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"name": "100097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9636",
"datePublished": "2018-04-17T14:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-16T18:50:19.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}