Sign-up

ID

VAR-201804-0782


CVE

CVE-2017-9634


TITLE

Mitsubishi E-Designer Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2017-013249

DESCRIPTION

Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of TxStaticString sections of a mpa (project specification) file. An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. Mitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected

Trust: 3.96

sources: NVD: CVE-2017-9634 // JVNDB: JVNDB-2017-013249 // ZDI: ZDI-17-507 // ZDI: ZDI-17-506 // CNVD: CNVD-2017-22837 // BID: 100097 // IVD: 3f385bd9-7c1c-4e38-ad57-7db92192b1a5 // VULMON: CVE-2017-9634

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 3f385bd9-7c1c-4e38-ad57-7db92192b1a5 // CNVD: CNVD-2017-22837

AFFECTED PRODUCTS

vendor:mitsubishielectricmodel:e-designerscope:eqversion:7.52

Trust: 1.6

vendor:mitsubishi electricmodel:e-designerscope: - version: -

Trust: 1.4

vendor:mitsubishi electricmodel:e-designerscope:eqversion:7.52 build 344

Trust: 0.8

vendor:mitsubishimodel:electric europe b.v. e-designer buildscope:eqversion:7.52344

Trust: 0.6

vendor:mitsubishimodel:electric e-designer buildscope:eqversion:7.52344

Trust: 0.3

vendor:e designermodel: - scope:eqversion:7.52

Trust: 0.2

sources: IVD: 3f385bd9-7c1c-4e38-ad57-7db92192b1a5 // ZDI: ZDI-17-507 // ZDI: ZDI-17-506 // CNVD: CNVD-2017-22837 // BID: 100097 // JVNDB: JVNDB-2017-013249 // CNNVD: CNNVD-201706-869 // NVD: CVE-2017-9634

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2017-9634
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2017-9634
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-9634
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-22837
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-869
value: CRITICAL

Trust: 0.6

IVD: 3f385bd9-7c1c-4e38-ad57-7db92192b1a5
value: CRITICAL

Trust: 0.2

VULMON: CVE-2017-9634
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-9634
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2017-9634
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.4

CNVD: CNVD-2017-22837
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 3f385bd9-7c1c-4e38-ad57-7db92192b1a5
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-9634
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 3f385bd9-7c1c-4e38-ad57-7db92192b1a5 // ZDI: ZDI-17-507 // ZDI: ZDI-17-506 // CNVD: CNVD-2017-22837 // VULMON: CVE-2017-9634 // JVNDB: JVNDB-2017-013249 // CNNVD: CNNVD-201706-869 // NVD: CVE-2017-9634

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2017-013249 // NVD: CVE-2017-9634

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-869

TYPE

Buffer error

Trust: 0.8

sources: IVD: 3f385bd9-7c1c-4e38-ad57-7db92192b1a5 // CNNVD: CNNVD-201706-869

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013249

PATCH
title:Mitsubishi Electric has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01
Trust: 1.4
title:Top Pageurl:http://www.mitsubishielectric.co.jp/fa/
Trust: 0.8
title:Mitsubishi Electric Europe B.V. E-Designer patch for out-of-bounds write vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/100852
Trust: 0.6
sources:
            
            
            ZDI: ZDI-17-507 // 
            
            
            
            ZDI: ZDI-17-506 // 
            
            
            
            CNVD: CNVD-2017-22837 // 
            
            
            
            JVNDB: JVNDB-2017-013249

EXTERNAL IDS
db:NVDid:CVE-2017-9634
Trust: 5.0
db:ICS CERTid:ICSA-17-213-01
Trust: 3.4
db:BIDid:100097
Trust: 2.0
db:CNVDid:CNVD-2017-22837
Trust: 0.8
db:CNNVDid:CNNVD-201706-869
Trust: 0.8
db:JVNDBid:JVNDB-2017-013249
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3804
Trust: 0.7
db:ZDIid:ZDI-17-507
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3759
Trust: 0.7
db:ZDIid:ZDI-17-506
Trust: 0.7
db:IVDid:3F385BD9-7C1C-4E38-AD57-7DB92192B1A5
Trust: 0.2
db:VULMONid:CVE-2017-9634
Trust: 0.1
sources:
            
            
            IVD: 3f385bd9-7c1c-4e38-ad57-7db92192b1a5 // 
            
            
            
            ZDI: ZDI-17-507 // 
            
            
            
            ZDI: ZDI-17-506 // 
            
            
            
            CNVD: CNVD-2017-22837 // 
            
            
            
            VULMON: CVE-2017-9634 // 
            
            
            
            BID: 100097 // 
            
            
            
            JVNDB: JVNDB-2017-013249 // 
            
            
            
            CNNVD: CNNVD-201706-869 // 
            
            
            
            NVD: CVE-2017-9634

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-213-01
Trust: 4.8
url:http://www.securityfocus.com/bid/100097
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9634
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-9634
Trust: 0.8
url:http://www.mrslim.com/home.asp
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            ZDI: ZDI-17-507 // 
            
            
            
            ZDI: ZDI-17-506 // 
            
            
            
            CNVD: CNVD-2017-22837 // 
            
            
            
            VULMON: CVE-2017-9634 // 
            
            
            
            BID: 100097 // 
            
            
            
            JVNDB: JVNDB-2017-013249 // 
            
            
            
            CNNVD: CNNVD-201706-869 // 
            
            
            
            NVD: CVE-2017-9634

CREDITS
rgod
Trust: 1.4
sources:
            
            
            ZDI: ZDI-17-507 // 
            
            
            
            ZDI: ZDI-17-506

SOURCES
db:IVDid:3f385bd9-7c1c-4e38-ad57-7db92192b1a5
db:ZDIid:ZDI-17-507
db:ZDIid:ZDI-17-506
db:CNVDid:CNVD-2017-22837
db:VULMONid:CVE-2017-9634
db:BIDid:100097
db:JVNDBid:JVNDB-2017-013249
db:CNNVDid:CNNVD-201706-869
db:NVDid:CVE-2017-9634

LAST UPDATE DATE
2024-11-23T22:00:36.968000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-17-507date:2017-08-01T00:00:00
db:ZDIid:ZDI-17-506date:2017-08-01T00:00:00
db:CNVDid:CNVD-2017-22837date:2017-08-25T00:00:00
db:VULMONid:CVE-2017-9634date:2019-10-09T00:00:00
db:BIDid:100097date:2017-08-01T00:00:00
db:JVNDBid:JVNDB-2017-013249date:2018-06-12T00:00:00
db:CNNVDid:CNNVD-201706-869date:2019-10-17T00:00:00
db:NVDid:CVE-2017-9634date:2024-11-21T03:36:33.573

SOURCES RELEASE DATE
db:IVDid:3f385bd9-7c1c-4e38-ad57-7db92192b1a5date:2017-08-25T00:00:00
db:ZDIid:ZDI-17-507date:2017-08-01T00:00:00
db:ZDIid:ZDI-17-506date:2017-08-01T00:00:00
db:CNVDid:CNVD-2017-22837date:2017-08-25T00:00:00
db:VULMONid:CVE-2017-9634date:2018-04-17T00:00:00
db:BIDid:100097date:2017-08-01T00:00:00
db:JVNDBid:JVNDB-2017-013249date:2018-06-12T00:00:00
db:CNNVDid:CNNVD-201706-869date:2017-06-21T00:00:00
db:NVDid:CVE-2017-9634date:2018-04-17T14:29:00.353