CVE-2018-0651

Published: Jan 9, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.

Affected (5)

Products: Yokogawa: Idefine For Prosafe Rs Firmware, Stardom Versatile Data Server Firmware, Stardom Fcn/fcj Simulator Firmware, Astplanner, Trifellows

5 products

Idefine For Prosafe Rs Firmware

Stardom Versatile Data Server Firmware

Stardom Fcn/fcj Simulator Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yokogawa Idefine For Prosafe Rs Firmware	Up to r1.16.3

Running on/with	Platform Versions
Yokogawa Idefine For Prosafe Rs	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yokogawa Stardom Versatile Data Server Firmware	Up to r7.50

Running on/with	Platform Versions
Yokogawa Stardom Versatile Data Server	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yokogawa Stardom Fcn/fcj Simulator Firmware	Up to r4.20

Running on/with	Platform Versions
Yokogawa Stardom Fcn/fcj Simulator	All versions

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Yokogawa Astplanner	Up to r15.01

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Yokogawa Trifellows	Up to v5.04

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://www.securityfocus.com/bid/105124

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

https://jvn.jp/vu/JVNVU93845358/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

http://www.securityfocus.com/bid/105124

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://jvn.jp/vu/JVNVU93845358/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.