CVE-2018-0651 - OpenCVE

Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Yokogawa	Stardom Fcn\/fcj Simulator Stardom Versatile Data Server Firmware Idefine For Prosafe-rs Firmware Idefine For Prosafe-rs Stardom Fcn\/fcj Simulator Firmware Astplanner Trifellows Stardom Versatile Data Server

Configuration 1 [-]

AND

cpe:2.3:o:yokogawa:idefine_for_prosafe-rs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:idefine_for_prosafe-rs:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:yokogawa:stardom_versatile_data_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:stardom_versatile_data_server:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:yokogawa:stardom_fcn\/fcj_simulator_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:stardom_fcn\/fcj_simulator:-:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:yokogawa:astplanner:*:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:yokogawa:trifellows:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/105124	Third Party Advisory VDB Entry
https://jvn.jp/vu/JVNVU93845358/	Third Party Advisory
https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2019-01-09T22:00:00

Updated: 2019-01-10T10:57:01

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0651

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-01-09T23:29:01.310

Modified: 2019-02-11T15:10:59.997

Link: CVE-2018-0651

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "The license management function of YOKOGAWA products", "vendor": "Yokogawa Electric Corporation", "versions": [{"status": "affected", "version": "(iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier)"}]}], "datePublic": "2019-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Buffer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-10T10:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"}, {"name": "105124", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105124"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/vu/JVNVU93845358/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2018-0651", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "The license management function of YOKOGAWA products", "version": {"version_data": [{"version_value": "(iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier)"}]}}]}, "vendor_name": "Yokogawa Electric Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf", "refsource": "MISC", "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"}, {"name": "105124", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105124"}, {"name": "https://jvn.jp/vu/JVNVU93845358/", "refsource": "MISC", "url": "https://jvn.jp/vu/JVNVU93845358/"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2018-0651", "datePublished": "2019-01-09T22:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2019-01-10T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:idefine_for_prosafe-rs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7851E070-90AB-4D59-8344-0EE2793CA6FE", "versionEndIncluding": "r1.16.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:idefine_for_prosafe-rs:-:*:*:*:*:*:*:*", "matchCriteriaId": "32A41D85-4B1C-4BC2-985B-EEF7B2A54CB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:stardom_versatile_data_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "77AA433A-952F-4E08-809F-33AFCCD4F78F", "versionEndIncluding": "r7.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:stardom_versatile_data_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F710319-2FCB-4917-AFF4-879A083018B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:stardom_fcn\\/fcj_simulator_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "627067AE-6ABE-4FE2-A449-2BC0CA3FE44F", "versionEndIncluding": "r4.20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:stardom_fcn\\/fcj_simulator:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CEC8244-968F-45D9-BFEB-FFF947CCCA16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:astplanner:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB408657-A584-4D66-A178-E84487FF6481", "versionEndIncluding": "r15.01", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:trifellows:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8D1FBF3-9F09-4C11-BBBC-4B105DBC3460", "versionEndIncluding": "v5.04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la funci\u00f3n license management de los productos YOKOGAWA (iDefine para ProSafe-RS R1.16.3 y anteriores, STARDOM VDS R7.50 y anteriores, STARDOM FCN/FCJ Simulator R4.20 y anteriores, ASTPLANNER R15.01 y anteriores y TriFellows V5.04 y anteriores) permite a los atacantes remotos detener la funci\u00f3n license management o ejecutar un programa arbitrario mediante vectores sin especificar."}], "id": "CVE-2018-0651", "lastModified": "2019-02-11T15:10:59.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-09T23:29:01.310", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105124"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU93845358/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}