Details of VAR-201906-1021

ID

VAR-201906-1021

CVE

CVE-2019-10971

TITLE

Network Configurator for DeviceNet Safety Vulnerabilities related to untrusted search paths

Trust: 0.8

sources: JVNDB: JVNDB-2019-005472

DESCRIPTION

The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories. Network Configurator for DeviceNet Safety Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Omron Network Configurator for DeviceNet is prone to a local untrusted search path vulnerability. A local attacker can exploit this issue to execute arbitrary code on the targeted system. Network Configurator for DeviceNet Safety 3.41 and prior are vulnerable. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

Trust: 1.98

sources: NVD: CVE-2019-10971 // JVNDB: JVNDB-2019-005472 // BID: 108349 // VULHUB: VHN-142571

AFFECTED PRODUCTS

vendor:	omron	model:	network configurator for devicenet safety	scope:	lte	version:	3.41	Trust: 1.0
vendor:	omron	model:	network configurator for devicenet safety	scope:	lte	version:	1.12.0	Trust: 0.8
vendor:	omron	model:	network configurator for devicenet safety	scope:	eq	version:	3.41	Trust: 0.3

sources: BID: 108349 // JVNDB: JVNDB-2019-005472 // NVD: CVE-2019-10971

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10971
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10971
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-618
value:	HIGH
Trust: 0.6
VULHUB:	VHN-142571
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-10971
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-142571
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10971
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-142571 // JVNDB: JVNDB-2019-005472 // CNNVD: CNNVD-201905-618 // NVD: CVE-2019-10971

PROBLEMTYPE DATA

problemtype:

CWE-426

Trust: 1.9

sources: VULHUB: VHN-142571 // JVNDB: JVNDB-2019-005472 // NVD: CVE-2019-10971

THREAT TYPE

local

Trust: 0.9

sources: BID: 108349 // CNNVD: CNNVD-201905-618

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-618

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005472

PATCH

title:

Network Configurator

url:

https://industrial.omron.eu/en/products/network-configurator

Trust: 0.8

sources: JVNDB: JVNDB-2019-005472

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10971	Trust: 2.8
db:	ICS CERT	id:	ICSA-19-134-01	Trust: 2.8
db:	BID	id:	108349	Trust: 1.0
db:	JVN	id:	JVNVU94145643	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-005472	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-618	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1717.2	Trust: 0.6
db:	VULHUB	id:	VHN-142571	Trust: 0.1

sources: VULHUB: VHN-142571 // BID: 108349 // JVNDB: JVNDB-2019-005472 // CNNVD: CNNVD-201905-618 // NVD: CVE-2019-10971

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-134-01	Trust: 2.8
url:	http://www.securityfocus.com/bid/108349	Trust: 1.2
url:	https://industrial.omron.us/en/home	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10971	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94145643//	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10971	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.1717.2/	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-134-01	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80950	Trust: 0.6

sources: VULHUB: VHN-142571 // BID: 108349 // JVNDB: JVNDB-2019-005472 // CNNVD: CNNVD-201905-618 // NVD: CVE-2019-10971

CREDITS

The researcher with the handle n0b0dy sent information to NCCIC,n0b0dy, leading to the discovery of this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-201905-618

SOURCES

db:	VULHUB	id:	VHN-142571
db:	BID	id:	108349
db:	JVNDB	id:	JVNDB-2019-005472
db:	CNNVD	id:	CNNVD-201905-618
db:	NVD	id:	CVE-2019-10971

LAST UPDATE DATE

2024-11-23T22:44:58.158000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-142571	date:	2019-10-09T00:00:00
db:	BID	id:	108349	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-005472	date:	2019-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-618	date:	2019-11-06T00:00:00
db:	NVD	id:	CVE-2019-10971	date:	2024-11-21T04:20:16.260

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-142571	date:	2019-06-12T00:00:00
db:	BID	id:	108349	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-005472	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201905-618	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-10971	date:	2019-06-12T16:29:00.220