ID

VAR-201208-0268


CVE

CVE-2012-4274


TITLE

Hitachi COBOL GUI Run Time System Unknown Remote Code Execution Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2012-8815 // CNNVD: CNNVD-201205-230

DESCRIPTION

Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to execute arbitrary code via unknown attack vectors. This problem does not occur when only the following runtime products are solely used. HITACHI COBOL is an integrated development environment. No further details are provided at this time.

TITLE: Hitachi COBOL GUI Run Time System Code Execution Vulnerability

SECUNIA ADVISORY ID: SA49158

VERIFY ADVISORY: http://secunia.com/advisories/49158/

RELEASE DATE: 2012-05-14

DESCRIPTION: A vulnerability has been reported in Hitachi COBOL GUI Run Time System and Hitachi COBOL Server GUI Run Time System, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an unspecified error. No further information is currently available. The vulnerability is reported in versions 06-00, 06-01 through 06-01-/A, 07-00, 07-01 through 07-01-/A, and 08-00 through 08-00-/A.

SOLUTION: Update or upgrade to version 07-01-/B or 08-00-/B.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: HS12-013: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-013/index.html

Trust: 3.33

sources: NVD: CVE-2012-4274 // JVNDB: JVNDB-2012-002377 // CNVD: CNVD-2012-8815 // CNVD: CNVD-2012-2534 // BID: 78127 // BID: 53506 // PACKETSTORM: 112713

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2012-8815 // CNVD: CNVD-2012-2534

AFFECTED PRODUCTS

vendor: hitachi, model: cobol gui option server, scope: eq, version: 08-00

Trust: 1.9

vendor: hitachi, model: cobol gui option server, scope: eq, version: 07-01

Trust: 1.9

vendor: hitachi, model: cobol gui option server, scope: eq, version: 07-00

Trust: 1.9

vendor: hitachi, model: cobol gui option, scope: eq, version: 08-00

Trust: 1.9

vendor: hitachi, model: cobol gui option, scope: eq, version: 07-01

Trust: 1.9

vendor: hitachi, model: cobol gui option, scope: eq, version: 07-00

Trust: 1.9

vendor: hitachi, model: cobol gui option server, scope: eq, version: 07-01/a

Trust: 1.6

vendor: hitachi, model: cobol gui option, scope: eq, version: 08-00/a

Trust: 1.6

vendor: hitachi, model: cobol gui option server, scope: eq, version: 08-00/a

Trust: 1.6

vendor: hitachi, model: cobol gui option, scope: eq, version: 06-01/a

Trust: 1.6

vendor: hitachi, model: cobol gui option, scope: eq, version: 06-01

Trust: 1.3

vendor: hitachi, model: cobol gui option, scope: eq, version: 06-00

Trust: 1.3

vendor: hitachi, model: cobol gui option, scope: eq, version: 07-01/a

Trust: 1.0

vendor: hitachi, model: cobol gui server run time system, scope: eq, version: 07-01

Trust: 0.9

vendor: hitachi, model: cobol gui server run time system, scope: eq, version: 08-00

Trust: 0.9

vendor: hitachi, model: cobol gui server run time system 08-00-/a, scope: -, version: -

Trust: 0.9

vendor: hitachi, model: cobol gui server run time system, scope: eq, version: 07-00

Trust: 0.9

vendor: hitachi, model: cobol gui server run time system 07-01-/a, scope: -, version: -

Trust: 0.9

vendor: hitachi, model: cobol gui run time system, scope: eq, version: 07-00

Trust: 0.9

vendor: hitachi, model: cobol gui run time system, scope: eq, version: 07-01

Trust: 0.9

vendor: hitachi, model: cobol gui run time system 07-01-/a, scope: -, version: -

Trust: 0.9

vendor: hitachi, model: cobol gui run time system, scope: eq, version: 08-00

Trust: 0.9

vendor: hitachi, model: cobol gui run time system 08-00-/a, scope: -, version: -

Trust: 0.9

vendor: hitachi, model: cobol gui option, scope: eq, version: (windows)

Trust: 0.8

vendor: hitachi, model: cobol gui option, scope: eq, version: server (windows)

Trust: 0.8

vendor: hitachi, model: cobol gui option, scope: eq, version: server version 7 (windows)

Trust: 0.8

vendor: hitachi, model: cobol gui option, scope: eq, version: version 6 (windows)

Trust: 0.8

vendor: hitachi, model: cobol gui option, scope: eq, version: version 7 (windows)

Trust: 0.8

vendor: none, model: -, scope: -, version: -

Trust: 0.6

vendor: hitachi, model: cobol gui server run time system 08-00-/b, scope: ne, version: -

Trust: 0.3

vendor: hitachi, model: cobol gui server run time system 07-01-/b, scope: ne, version: -

Trust: 0.3

vendor: hitachi, model: cobol gui run time system 08-00-/b, scope: ne, version: -

Trust: 0.3

vendor: hitachi, model: cobol gui run time system 07-01-/b, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2012-8815 // CNVD: CNVD-2012-2534 // BID: 78127 // BID: 53506 // JVNDB: JVNDB-2012-002377 // CNNVD: CNNVD-201208-179 // NVD: CVE-2012-4274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4274
value: HIGH

Trust: 1.0

VENDOR: JVNDB-2012-002377
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2012-8815
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201208-179
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2012-4274
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VENDOR: JVNDB-2012-002377
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2012-8815
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2012-8815 // JVNDB: JVNDB-2012-002377 // CNNVD: CNNVD-201208-179 // NVD: CVE-2012-4274

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-4274

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201205-230 // CNNVD: CNNVD-201208-179

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 78127

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002377

PATCH

title: HS12-013, url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-013/index.html

Trust: 0.8

title: Patch for Hitachi COBOL GUI Run Time System Unknown Remote Code Execution Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/36009

Trust: 0.6

title: Patch for Hitachi COBOL GUI Run Time System code execution vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/16955

Trust: 0.6

sources: CNVD: CNVD-2012-8815 // CNVD: CNVD-2012-2534 // JVNDB: JVNDB-2012-002377

EXTERNAL IDS

db: NVD, id: CVE-2012-4274

Trust: 2.7

db: SECUNIA, id: 49158

Trust: 2.4

db: HITACHI, id: HS12-013

Trust: 2.3

db: BID, id: 53506

Trust: 1.5

db: JVNDB, id: JVNDB-2012-002377

Trust: 0.8

db: CNVD, id: CNVD-2012-8815

Trust: 0.6

db: CNVD, id: CNVD-2012-2534

Trust: 0.6

db: CNNVD, id: CNNVD-201205-230

Trust: 0.6

db: CNNVD, id: CNNVD-201208-179

Trust: 0.6

db: BID, id: 78127

Trust: 0.3

db: PACKETSTORM, id: 112713

Trust: 0.1

sources: CNVD: CNVD-2012-8815 // CNVD: CNVD-2012-2534 // BID: 78127 // BID: 53506 // JVNDB: JVNDB-2012-002377 // PACKETSTORM: 112713 // CNNVD: CNNVD-201205-230 // CNNVD: CNNVD-201208-179 // NVD: CVE-2012-4274

REFERENCES

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-013/index.html

Trust: 2.3

url:http://secunia.com/advisories/49158

Trust: 1.6

url:http://www.securityfocus.com/bid/53506

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4274

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4274

Trust: 0.8

url:http://secunia.com/advisories/49158/

Trust: 0.7

url:http://www.hitachi.com

Trust: 0.3

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/49158/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=49158

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-8815 // CNVD: CNVD-2012-2534 // BID: 78127 // BID: 53506 // JVNDB: JVNDB-2012-002377 // PACKETSTORM: 112713 // CNNVD: CNNVD-201205-230 // CNNVD: CNNVD-201208-179 // NVD: CVE-2012-4274

CREDITS

Unknown

Trust: 0.3

sources: BID: 78127

SOURCES

db: CNVD, id: CNVD-2012-8815
db: CNVD, id: CNVD-2012-2534
db: BID, id: 78127
db: BID, id: 53506
db: JVNDB, id: JVNDB-2012-002377
db: PACKETSTORM, id: 112713
db: CNNVD, id: CNNVD-201205-230
db: CNNVD, id: CNNVD-201208-179
db: NVD, id: CVE-2012-4274

LAST UPDATE DATE

2025-04-11T23:12:07.367000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-8815, date: 2012-05-16T00:00:00
db: CNVD, id: CNVD-2012-2534, date: 2012-05-16T00:00:00
db: BID, id: 78127, date: 2012-08-13T00:00:00
db: BID, id: 53506, date: 2012-05-14T00:00:00
db: JVNDB, id: JVNDB-2012-002377, date: 2012-05-15T00:00:00
db: CNNVD, id: CNNVD-201205-230, date: 2012-05-16T00:00:00
db: CNNVD, id: CNNVD-201208-179, date: 2012-08-14T00:00:00
db: NVD, id: CVE-2012-4274, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2012-8815, date: 2012-05-16T00:00:00
db: CNVD, id: CNVD-2012-2534, date: 2012-05-16T00:00:00
db: BID, id: 78127, date: 2012-08-13T00:00:00
db: BID, id: 53506, date: 2012-05-14T00:00:00
db: JVNDB, id: JVNDB-2012-002377, date: 2012-05-15T00:00:00
db: PACKETSTORM, id: 112713, date: 2012-05-14T07:11:25
db: CNNVD, id: CNNVD-201205-230, date: 2012-05-16T00:00:00
db: CNNVD, id: CNNVD-201208-179, date: 2012-08-14T00:00:00
db: NVD, id: CVE-2012-4274, date: 2012-08-13T22:55:01.630