cvelistv5 - cve-2018-0651

CVE-2018-0651 (GCVE-0-2018-0651)

Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35

Summary

Severity ?

No CVSS data available.

CWE

Buffer Overflow

Assigner

jpcert

References

URL

Tags

	https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf	x_refsource_MISC
	http://www.securityfocus.com/bid/105124	vdb-entryx_refsource_BID
	https://jvn.jp/vu/JVNVU93845358/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Yokogawa Electric Corporation	The license management function of YOKOGAWA products	Affected: (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
          },
          {
            "name": "105124",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105124"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU93845358/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "The license management function of YOKOGAWA products",
          "vendor": "Yokogawa Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "(iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier)"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-10T10:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
        },
        {
          "name": "105124",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105124"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/vu/JVNVU93845358/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0651",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "The license management function of YOKOGAWA products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Yokogawa Electric Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf",
              "refsource": "MISC",
              "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
            },
            {
              "name": "105124",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105124"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU93845358/",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU93845358/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0651",
    "datePublished": "2019-01-09T22:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:35:49.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yokogawa:idefine_for_prosafe-rs_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"r1.16.3\", \"matchCriteriaId\": \"7851E070-90AB-4D59-8344-0EE2793CA6FE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yokogawa:idefine_for_prosafe-rs:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32A41D85-4B1C-4BC2-985B-EEF7B2A54CB4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yokogawa:stardom_versatile_data_server_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"r7.50\", \"matchCriteriaId\": \"77AA433A-952F-4E08-809F-33AFCCD4F78F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yokogawa:stardom_versatile_data_server:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F710319-2FCB-4917-AFF4-879A083018B9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yokogawa:stardom_fcn\\\\/fcj_simulator_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"r4.20\", \"matchCriteriaId\": \"627067AE-6ABE-4FE2-A449-2BC0CA3FE44F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yokogawa:stardom_fcn\\\\/fcj_simulator:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CEC8244-968F-45D9-BFEB-FFF947CCCA16\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:astplanner:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"r15.01\", \"matchCriteriaId\": \"AB408657-A584-4D66-A178-E84487FF6481\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:trifellows:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"v5.04\", \"matchCriteriaId\": \"F8D1FBF3-9F09-4C11-BBBC-4B105DBC3460\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer en la funci\\u00f3n license management de los productos YOKOGAWA (iDefine para ProSafe-RS R1.16.3 y anteriores, STARDOM VDS R7.50 y anteriores, STARDOM FCN/FCJ Simulator R4.20 y anteriores, ASTPLANNER R15.01 y anteriores y TriFellows V5.04 y anteriores) permite a los atacantes remotos detener la funci\\u00f3n license management o ejecutar un programa arbitrario mediante vectores sin especificar.\"}]",
      "id": "CVE-2018-0651",
      "lastModified": "2024-11-21T03:38:40.040",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-01-09T23:29:01.310",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105124\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU93845358/\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105124\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU93845358/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0651\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2019-01-09T23:29:01.310\",\"lastModified\":\"2024-11-21T03:38:40.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en la funci\u00f3n license management de los productos YOKOGAWA (iDefine para ProSafe-RS R1.16.3 y anteriores, STARDOM VDS R7.50 y anteriores, STARDOM FCN/FCJ Simulator R4.20 y anteriores, ASTPLANNER R15.01 y anteriores y TriFellows V5.04 y anteriores) permite a los atacantes remotos detener la funci\u00f3n license management o ejecutar un programa arbitrario mediante vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yokogawa:idefine_for_prosafe-rs_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"r1.16.3\",\"matchCriteriaId\":\"7851E070-90AB-4D59-8344-0EE2793CA6FE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yokogawa:idefine_for_prosafe-rs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A41D85-4B1C-4BC2-985B-EEF7B2A54CB4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yokogawa:stardom_versatile_data_server_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"r7.50\",\"matchCriteriaId\":\"77AA433A-952F-4E08-809F-33AFCCD4F78F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yokogawa:stardom_versatile_data_server:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F710319-2FCB-4917-AFF4-879A083018B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yokogawa:stardom_fcn\\\\/fcj_simulator_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"r4.20\",\"matchCriteriaId\":\"627067AE-6ABE-4FE2-A449-2BC0CA3FE44F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yokogawa:stardom_fcn\\\\/fcj_simulator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CEC8244-968F-45D9-BFEB-FFF947CCCA16\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:astplanner:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"r15.01\",\"matchCriteriaId\":\"AB408657-A584-4D66-A178-E84487FF6481\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:trifellows:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"v5.04\",\"matchCriteriaId\":\"F8D1FBF3-9F09-4C11-BBBC-4B105DBC3460\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105124\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jvn.jp/vu/JVNVU93845358/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jvn.jp/vu/JVNVU93845358/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ICSA-18-233-01

Vulnerability from csaf_cisa - Published: 2018-08-21 00:00 - Updated: 2018-08-21 00:00

Summary

Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability may allow arbitrary code execution, or the stopping of the license management function.

Critical infrastructure sectors

Critical Manufacturing, Energy, and Food and Agriculture

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Yokogawa",
        "summary": "reporting this vulnerability to NCCIC"
      },
      {
        "organization": "JPCERT",
        "summary": "reporting this vulnerability to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability may allow arbitrary code execution, or the stopping of the license management function.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, and Food and Agriculture",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-233-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-233-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-233-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-233-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows",
    "tracking": {
      "current_release_date": "2018-08-21T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-233-01",
      "initial_release_date": "2018-08-21T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-08-21T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-233-01 Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 5.04",
                "product": {
                  "name": "TriFellows: Version 5.04 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "TriFellows"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=VDS R7.50 | \u003c=FCN/FCJ Simulator R4.20",
                "product": {
                  "name": "STARDOM: VDS R7.50 and prior and FCN/FCJ Simulator R4.20 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "STARDOM"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= R15.01",
                "product": {
                  "name": "ASTPLANNER: R15.01 and prior",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "ASTPLANNER"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= R1.16.3",
                "product": {
                  "name": "iDefine for ProSafe-RS: R1.16.3 and prior",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "iDefine for ProSafe-RS"
          }
        ],
        "category": "vendor",
        "name": "Yokogawa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-0651",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability that affects the license management function when it receives specially crafted data. An attacker could overflow the buffer by exploiting this, which may result in the license management function stopping or result in arbitrary code execution.CVE-2018-0651 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0651"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Yokogawa recommends users to update to the latest versions or apply the patch:ASTPLANNER: Update to R15.02.01 or contact support for the patch",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "iDefine for ProSafe-RS: Update to R1.16.4,",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "STARDOM: Update to VDS R8.10 or contact support for the patch, and",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "TriFellows: Update to Version 5.10 or contact support for the patch.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "iDefine for ProSafe-RS and STARDOM users: https://contact.yokogawa.com/cs/gw?c-id=000498",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://contact.yokogawa.com/cs/gw?c-id=000498"
        },
        {
          "category": "mitigation",
          "details": "ASTPLANNER and TriFellows users: https://contact.yokogawa.com/cs/gw?c-id=000497",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://contact.yokogawa.com/cs/gw?c-id=000497"
        },
        {
          "category": "mitigation",
          "details": "When Yokogawa service personnel perform system upgrade or install patches, those charges are borne by the user. Please contact support in the following section for the countermeasures regarding the affected products. Yokogawa strongly suggests all users to introduce appropriate security measures not only for the vulnerability identified, but also to the overall systems.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Refer to Yokogawa\u0027s security notification YSAR-18-0006 for more information",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

GHSA-8VQF-H5VG-6VQM

Vulnerability from github – Published: 2022-05-14 01:35 – Updated: 2022-05-14 01:35

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0651"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.",
  "id": "GHSA-8vqf-h5vg-6vqm",
  "modified": "2022-05-14T01:35:18Z",
  "published": "2022-05-14T01:35:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0651"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU93845358"
    },
    {
      "type": "WEB",
      "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105124"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201901-0718

Vulnerability from variot - Updated: 2023-12-18 13:02

Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors. Multiple Yokogawa Products are prone to stack-based buffer overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Yokogawa ASTPLANNER, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa ASTPLANNER is a production planning system; iDefine for ProSafe-RS is a functional safety management tool in the system safety life cycle

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0718",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "astplanner",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r15.01"
      },
      {
        "model": "stardom fcn\\/fcj simulator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r4.20"
      },
      {
        "model": "trifellows",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "v5.04"
      },
      {
        "model": "idefine for prosafe-rs",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r1.16.3"
      },
      {
        "model": "stardom versatile data server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r7.50"
      },
      {
        "model": "astplanner",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r15.01"
      },
      {
        "model": "idefine for prosafe-rs",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r1.16.3"
      },
      {
        "model": "stardom fcn/fcj simulator",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r4.20"
      },
      {
        "model": "stardom vds",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r7.50"
      },
      {
        "model": "trifellows",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "v5.04"
      },
      {
        "model": "trifellows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "5.04"
      },
      {
        "model": "stardom vds r7.50",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "idefine for prosafe-rs r1.16.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "fcn/fcj simulator r4.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "astplanner r15.01",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "trifellows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "5.10"
      },
      {
        "model": "stardom vds r8.10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "idefine for prosafe-rs r1.16.4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "astplanner r15.02.01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0651"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yokogawa:idefine_for_prosafe-rs_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "r1.16.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:idefine_for_prosafe-rs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yokogawa:stardom_versatile_data_server_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "r7.50",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:stardom_versatile_data_server:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yokogawa:stardom_fcn\\/fcj_simulator_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "r4.20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:stardom_fcn\\/fcj_simulator:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:astplanner:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r15.01",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:trifellows:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "v5.04",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0651"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yokogawa worked with JPCERT",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-636"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-0651",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "JPCERT/CC",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-006408",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-118853",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "JPCERT/CC",
            "availabilityImpact": "High",
            "baseScore": 8.6,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-006408",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0651",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "JPCERT/CC",
            "id": "JVNDB-2018-006408",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201808-636",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118853",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0651"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-636"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors. Multiple Yokogawa Products are prone to stack-based buffer overflow vulnerability because  it fails to properly bounds-check user-supplied input before copying it  to an insufficiently sized memory buffer. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Yokogawa ASTPLANNER, etc. are all products of Japan\u0027s Yokogawa Electric (Yokogawa) company. Yokogawa ASTPLANNER is a production planning system; iDefine for ProSafe-RS is a functional safety management tool in the system safety life cycle",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0651"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      },
      {
        "db": "BID",
        "id": "105124"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118853"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0651",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVNVU93845358",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "105124",
        "trust": 1.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-233-01",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006408",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-636",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-98911",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-118853",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118853"
      },
      {
        "db": "BID",
        "id": "105124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0651"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-636"
      }
    ]
  },
  "id": "VAR-201901-0718",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118853"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:02:22.390000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "YSAR-18-0006: \u8907\u6570\u306e\u6a2a\u6cb3\u88fd\u54c1\u306e\u30e9\u30a4\u30bb\u30f3\u30b9\u7ba1\u7406\u6a5f\u80fd\u306b\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/"
      },
      {
        "title": "Multiple Yokogawa Product Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84197"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-636"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0651"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/vu/jvnvu93845358/"
      },
      {
        "trust": 1.7,
        "url": "https://web-material3.yokogawa.com/ysar-18-0006-e.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/105124"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-233-01"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0651"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0651"
      },
      {
        "trust": 0.3,
        "url": "https://www.yokogawa.com/in/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118853"
      },
      {
        "db": "BID",
        "id": "105124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0651"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-636"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-118853"
      },
      {
        "db": "BID",
        "id": "105124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0651"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-636"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118853"
      },
      {
        "date": "2018-08-21T00:00:00",
        "db": "BID",
        "id": "105124"
      },
      {
        "date": "2018-08-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      },
      {
        "date": "2019-01-09T23:29:01.310000",
        "db": "NVD",
        "id": "CVE-2018-0651"
      },
      {
        "date": "2018-08-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-636"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118853"
      },
      {
        "date": "2018-08-21T00:00:00",
        "db": "BID",
        "id": "105124"
      },
      {
        "date": "2019-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      },
      {
        "date": "2019-02-11T15:10:59.997000",
        "db": "NVD",
        "id": "CVE-2018-0651"
      },
      {
        "date": "2019-02-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-636"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "105124"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow vulnerability in license management function of multiple Yokogawa products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006408"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-636"
      }
    ],
    "trust": 0.6
  }
}

GSD-2018-0651

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-0651

Aliases

CVE-2018-0651

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0651",
    "description": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.",
    "id": "GSD-2018-0651"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0651"
      ],
      "details": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.",
      "id": "GSD-2018-0651",
      "modified": "2023-12-13T01:22:24.378606Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0651",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "The license management function of YOKOGAWA products",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "(iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Yokogawa Electric Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf",
            "refsource": "MISC",
            "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
          },
          {
            "name": "105124",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105124"
          },
          {
            "name": "https://jvn.jp/vu/JVNVU93845358/",
            "refsource": "MISC",
            "url": "https://jvn.jp/vu/JVNVU93845358/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yokogawa:idefine_for_prosafe-rs_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "r1.16.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:idefine_for_prosafe-rs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yokogawa:stardom_versatile_data_server_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "r7.50",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:stardom_versatile_data_server:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yokogawa:stardom_fcn\\/fcj_simulator_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "r4.20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:stardom_fcn\\/fcj_simulator:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:astplanner:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r15.01",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:trifellows:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "v5.04",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0651"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU93845358/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/vu/JVNVU93845358/"
            },
            {
              "name": "105124",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105124"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-02-11T15:10Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

FKIE_CVE-2018-0651

Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:38

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://www.securityfocus.com/bid/105124	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://jvn.jp/vu/JVNVU93845358/	Third Party Advisory
vultures@jpcert.or.jp	https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105124	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU93845358/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
yokogawa	idefine_for_prosafe-rs_firmware	*
yokogawa	idefine_for_prosafe-rs	-
yokogawa	stardom_versatile_data_server_firmware	*
yokogawa	stardom_versatile_data_server	-
yokogawa	stardom_fcn\/fcj_simulator_firmware	*
yokogawa	stardom_fcn\/fcj_simulator	-
yokogawa	astplanner	*
yokogawa	trifellows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yokogawa:idefine_for_prosafe-rs_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7851E070-90AB-4D59-8344-0EE2793CA6FE",
              "versionEndIncluding": "r1.16.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yokogawa:idefine_for_prosafe-rs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A41D85-4B1C-4BC2-985B-EEF7B2A54CB4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yokogawa:stardom_versatile_data_server_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77AA433A-952F-4E08-809F-33AFCCD4F78F",
              "versionEndIncluding": "r7.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yokogawa:stardom_versatile_data_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F710319-2FCB-4917-AFF4-879A083018B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yokogawa:stardom_fcn\\/fcj_simulator_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "627067AE-6ABE-4FE2-A449-2BC0CA3FE44F",
              "versionEndIncluding": "r4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yokogawa:stardom_fcn\\/fcj_simulator:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEC8244-968F-45D9-BFEB-FFF947CCCA16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yokogawa:astplanner:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB408657-A584-4D66-A178-E84487FF6481",
              "versionEndIncluding": "r15.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yokogawa:trifellows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8D1FBF3-9F09-4C11-BBBC-4B105DBC3460",
              "versionEndIncluding": "v5.04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la funci\u00f3n license management de los productos YOKOGAWA (iDefine para ProSafe-RS R1.16.3 y anteriores, STARDOM VDS R7.50 y anteriores, STARDOM FCN/FCJ Simulator R4.20 y anteriores, ASTPLANNER R15.01 y anteriores y TriFellows V5.04 y anteriores) permite a los atacantes remotos detener la funci\u00f3n license management o ejecutar un programa arbitrario mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2018-0651",
  "lastModified": "2024-11-21T03:38:40.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:01.310",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105124"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU93845358/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU93845358/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0651 (GCVE-0-2018-0651)

ICSA-18-233-01

GHSA-8VQF-H5VG-6VQM

VAR-201901-0718

GSD-2018-0651

FKIE_CVE-2018-0651

Tags

Sightings

Nomenclature