Details of VAR-201103-0066

ID

VAR-201103-0066

CVE

CVE-2010-4773

TITLE

Hitachi EUR Product Unknown Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-2820

DESCRIPTION

Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on Linux, and before 07-50 -/C 2010.11.15 on AIX; allows remote attackers to execute arbitrary code via unknown attack vectors. Multiple Hitachi products have security vulnerabilities that allow malicious users to compromise user systems. No detailed vulnerability details are provided at present, and an attacker who successfully exploited the vulnerability could execute arbitrary code. Successful exploits will compromise the application and possibly the underlying system. Failed exploit attempts will likely cause denial-of-service conditions. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Hitachi EUR Products Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA42207 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42207/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42207 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42207/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42207/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42207 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. No further information is currently available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-027/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-4773 // CNVD: CNVD-2010-2820 // BID: 44845 // BID: 79783 // PACKETSTORM: 95845

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-2820

AFFECTED PRODUCTS

vendor:	hitachi	model:	eur form service	scope:	eq	version:	05-00	Trust: 1.9
vendor:	hitachi	model:	eur form service	scope:	eq	version:	01-00	Trust: 1.9
vendor:	hitachi	model:	eur form client	scope:	eq	version:	05-00	Trust: 1.9
vendor:	hitachi	model:	eur form client	scope:	eq	version:	01-00	Trust: 1.9
vendor:	hitachi	model:	eur form client	scope:	eq	version:	01-05-\/c\(\*1\)	Trust: 1.6
vendor:	hitachi	model:	eur form client	scope:	eq	version:	05-10-c	Trust: 1.6
vendor:	hitachi	model:	eur form client	scope:	eq	version:	05-10-b	Trust: 1.6
vendor:	hitachi	model:	eur form client	scope:	eq	version:	05-10-aa	Trust: 1.6
vendor:	hitachi	model:	eur form client	scope:	eq	version:	05-10-\/b	Trust: 1.6
vendor:	hitachi	model:	eur form client	scope:	eq	version:	05-10-a	Trust: 1.6
vendor:	hitachi	model:	ucosminexus eur form service	scope:	eq	version:	07-50	Trust: 1.3
vendor:	hitachi	model:	ucosminexus eur form service	scope:	eq	version:	05-05	Trust: 1.3
vendor:	hitachi	model:	ucosminexus eur form service	scope:	eq	version:	07-60-\/c	Trust: 1.0
vendor:	hitachi	model:	eur form service	scope:	eq	version:	05-10-\/b	Trust: 1.0
vendor:	hitachi	model:	ucosminexus eur form service	scope:	eq	version:	07-50-\/c	Trust: 1.0
vendor:	hitachi	model:	ucosminexus eur form service	scope:	eq	version:	05-10-\/b	Trust: 1.0
vendor:	hitachi	model:	eur form service	scope:	eq	version:	01-05\(\*1\)	Trust: 1.0
vendor:	hitachi	model:	eur form client	scope:	eq	version:	5.x	Trust: 0.6
vendor:	hitachi	model:	eur form service	scope:	eq	version:	5.x	Trust: 0.6
vendor:	hitachi	model:	ucosminexus eur form service	scope:	eq	version:	7.x	Trust: 0.6
vendor:	hitachi	model:	ucosminexus eur form service	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	standard set electronic form	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	eur form service	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	eur form client	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	electronic form workflow developer	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	electronic form professional library set	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	electronic form developer client	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	e-fomuwakufurosetto	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	ucosminexus eur form service 07-60-%2fc	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	ucosminexus eur form service 07-50-%2fc	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	ucosminexus eur form service 05-10-%2fb	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	eur form service 05-10-%2fb	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	eur form service 01-05%28%2a1%29	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	eur form client 05-10-c	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	eur form client 05-10-b	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	eur form client 05-10-aa	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	eur form client 05-10-a	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	eur form client 05-10-%2fb	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	eur form client 01-05-%2fc%28%2a1%29	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2010-2820 // BID: 44845 // BID: 79783 // CNNVD: CNNVD-201103-307 // NVD: CVE-2010-4773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4773
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201103-307
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2010-4773
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-201103-307 // NVD: CVE-2010-4773

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-4773

THREAT TYPE

network

Trust: 0.6

sources: BID: 44845 // BID: 79783

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201103-307

PATCH

title:

Patch for Hitachi EUR Product Unknown Code Execution Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/1741

Trust: 0.6

sources: CNVD: CNVD-2010-2820

EXTERNAL IDS

db:	SECUNIA	id:	42207	Trust: 2.4
db:	HITACHI	id:	HS10-027	Trust: 2.3
db:	NVD	id:	CVE-2010-4773	Trust: 1.9
db:	VUPEN	id:	ADV-2010-2989	Trust: 1.6
db:	OSVDB	id:	69363	Trust: 1.6
db:	XF	id:	63278	Trust: 0.9
db:	CNVD	id:	CNVD-2010-2820	Trust: 0.6
db:	CNNVD	id:	CNNVD-201103-307	Trust: 0.6
db:	BID	id:	44845	Trust: 0.3
db:	BID	id:	79783	Trust: 0.3
db:	PACKETSTORM	id:	95845	Trust: 0.1

sources: CNVD: CNVD-2010-2820 // BID: 44845 // BID: 79783 // PACKETSTORM: 95845 // CNNVD: CNNVD-201103-307 // NVD: CVE-2010-4773

REFERENCES

url:	http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-027/index.html	Trust: 2.3
url:	http://www.vupen.com/english/advisories/2010/2989	Trust: 1.6
url:	http://secunia.com/advisories/42207	Trust: 1.6
url:	http://osvdb.org/69363	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/63278	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/63278	Trust: 0.9
url:	http://secunia.com/advisories/42207/	Trust: 0.7
url:	http://secunia.com/advisories/42207/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=42207	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2010-2820 // BID: 44845 // BID: 79783 // PACKETSTORM: 95845 // CNNVD: CNNVD-201103-307 // NVD: CVE-2010-4773

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 44845

SOURCES

db:	CNVD	id:	CNVD-2010-2820
db:	BID	id:	44845
db:	BID	id:	79783
db:	PACKETSTORM	id:	95845
db:	CNNVD	id:	CNNVD-201103-307
db:	NVD	id:	CVE-2010-4773

LAST UPDATE DATE

2025-04-11T23:10:51.320000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-2820	date:	2010-11-16T00:00:00
db:	BID	id:	44845	date:	2010-11-15T00:00:00
db:	BID	id:	79783	date:	2011-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201103-307	date:	2011-03-24T00:00:00
db:	NVD	id:	CVE-2010-4773	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-2820	date:	2010-11-16T00:00:00
db:	BID	id:	44845	date:	2010-11-15T00:00:00
db:	BID	id:	79783	date:	2011-03-23T00:00:00
db:	PACKETSTORM	id:	95845	date:	2010-11-15T04:49:02
db:	CNNVD	id:	CNNVD-201103-307	date:	2011-03-24T00:00:00
db:	NVD	id:	CVE-2010-4773	date:	2011-03-23T22:00:02.043