Details of VAR-201907-1444

ID

VAR-201907-1444

CVE

CVE-2019-10975

TITLE

Fuji Electric Alpha7 PC Loader Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: f2376594-620a-4edb-9dea-d851708a0067 // CNVD: CNVD-2019-14818

DESCRIPTION

An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of A7P files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the Administrator. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. Successfully exploiting this issue allows an attackers to crash the affected application, denying service to legitimate users

Trust: 3.33

sources: NVD: CVE-2019-10975 // JVNDB: JVNDB-2019-006019 // ZDI: ZDI-19-517 // CNVD: CNVD-2019-14818 // BID: 108359 // IVD: f2376594-620a-4edb-9dea-d851708a0067 // VULHUB: VHN-142575

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: f2376594-620a-4edb-9dea-d851708a0067 // CNVD: CNVD-2019-14818

AFFECTED PRODUCTS

vendor:	fujielectric	model:	alpha7 pc loader	scope:	lte	version:	1.1	Trust: 1.0
vendor:	fuji electric	model:	alpha7 pc loader	scope:	lte	version:	1.1	Trust: 0.8
vendor:	fuji electric	model:	alpha7	scope:	-	version:	-	Trust: 0.7
vendor:	fuji	model:	electric alpha7 pc loader	scope:	lte	version:	<=1.1	Trust: 0.6
vendor:	fuji	model:	electric alpha7 pc loader	scope:	eq	version:	1.1	Trust: 0.3
vendor:	fuji	model:	electric alpha7 pc loader	scope:	ne	version:	1.2	Trust: 0.3
vendor:	alpha7 pc loader	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: f2376594-620a-4edb-9dea-d851708a0067 // ZDI: ZDI-19-517 // CNVD: CNVD-2019-14818 // BID: 108359 // JVNDB: JVNDB-2019-006019 // NVD: CVE-2019-10975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10975
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-10975
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2019-10975
value:	LOW
Trust: 0.7
CNVD:	CNVD-2019-14818
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-725
value:	MEDIUM
Trust: 0.6
IVD:	f2376594-620a-4edb-9dea-d851708a0067
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-142575
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-10975
severity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-14818
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	f2376594-620a-4edb-9dea-d851708a0067
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-142575
severity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10975
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.2
version:	3.0
Trust: 1.8
ZDI:	CVE-2019-10975
baseSeverity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 0.7

sources: IVD: f2376594-620a-4edb-9dea-d851708a0067 // ZDI: ZDI-19-517 // CNVD: CNVD-2019-14818 // VULHUB: VHN-142575 // JVNDB: JVNDB-2019-006019 // CNNVD: CNNVD-201905-725 // NVD: CVE-2019-10975

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-142575 // JVNDB: JVNDB-2019-006019 // NVD: CVE-2019-10975

THREAT TYPE

local

Trust: 0.9

sources: BID: 108359 // CNNVD: CNNVD-201905-725

TYPE

Buffer error

Trust: 0.8

sources: IVD: f2376594-620a-4edb-9dea-d851708a0067 // CNNVD: CNNVD-201905-725

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006019

PATCH

title:	Fe Library (ALPHA7 Loader Softwar ver1_2)	url:	https://felib.fujielectric.co.jp/download/search2.htm?dosearch=1&site=global&lang=en&documentGroup=software	Trust: 0.8
title:	Fuji Electric has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-19-136-02	Trust: 0.7
title:	Patch for Fuji Electric Alpha7 PC Loader Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/161745	Trust: 0.6
title:	Fuji Electric Alpha7 PC Loader Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92858	Trust: 0.6

sources: ZDI: ZDI-19-517 // CNVD: CNVD-2019-14818 // JVNDB: JVNDB-2019-006019 // CNNVD: CNNVD-201905-725

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10975	Trust: 4.3
db:	ICS CERT	id:	ICSA-19-136-02	Trust: 3.4
db:	BID	id:	108359	Trust: 2.8
db:	ZDI	id:	ZDI-19-517	Trust: 2.4
db:	CNNVD	id:	CNNVD-201905-725	Trust: 0.9
db:	CNVD	id:	CNVD-2019-14818	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-006019	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-8030	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1786	Trust: 0.6
db:	IVD	id:	F2376594-620A-4EDB-9DEA-D851708A0067	Trust: 0.2
db:	VULHUB	id:	VHN-142575	Trust: 0.1

sources: IVD: f2376594-620a-4edb-9dea-d851708a0067 // ZDI: ZDI-19-517 // CNVD: CNVD-2019-14818 // VULHUB: VHN-142575 // BID: 108359 // JVNDB: JVNDB-2019-006019 // CNNVD: CNNVD-201905-725 // NVD: CVE-2019-10975

REFERENCES

url:	http://www.securityfocus.com/bid/108359	Trust: 3.1
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-136-02	Trust: 2.2
url:	https://www.zerodayinitiative.com/advisories/zdi-19-517/	Trust: 1.7
url:	https://felib.fujielectric.co.jp/download/search2.htm?dosearch=1&site=global&lang=en&documentgroup=software	Trust: 1.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-136-02	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10975	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsa-19-136-02%2c	Trust: 1.0
url:	https://americas.fujielectric.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10975	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/81230	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1786/	Trust: 0.6
url:	https://felib.fujielectric.co.jp/download/search2.htm?dosearch=1&site=global&lang=en&documentgroup=software	Trust: 0.1
url:	https://www.us-cert.gov/ics/advisories/icsa-19-136-02,	Trust: 0.1

sources: ZDI: ZDI-19-517 // CNVD: CNVD-2019-14818 // VULHUB: VHN-142575 // BID: 108359 // JVNDB: JVNDB-2019-006019 // CNNVD: CNNVD-201905-725 // NVD: CVE-2019-10975

CREDITS

kimiya of 9SG Security Team - kimiya@9sgsec.com

Trust: 0.7

sources: ZDI: ZDI-19-517

SOURCES

db:	IVD	id:	f2376594-620a-4edb-9dea-d851708a0067
db:	ZDI	id:	ZDI-19-517
db:	CNVD	id:	CNVD-2019-14818
db:	VULHUB	id:	VHN-142575
db:	BID	id:	108359
db:	JVNDB	id:	JVNDB-2019-006019
db:	CNNVD	id:	CNNVD-201905-725
db:	NVD	id:	CVE-2019-10975

LAST UPDATE DATE

2024-11-23T22:16:56.635000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-517	date:	2019-05-29T00:00:00
db:	CNVD	id:	CNVD-2019-14818	date:	2019-05-21T00:00:00
db:	VULHUB	id:	VHN-142575	date:	2019-10-09T00:00:00
db:	BID	id:	108359	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-006019	date:	2019-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201905-725	date:	2019-07-08T00:00:00
db:	NVD	id:	CVE-2019-10975	date:	2024-11-21T04:20:16.723

SOURCES RELEASE DATE

db:	IVD	id:	f2376594-620a-4edb-9dea-d851708a0067	date:	2019-05-21T00:00:00
db:	ZDI	id:	ZDI-19-517	date:	2019-05-29T00:00:00
db:	CNVD	id:	CNVD-2019-14818	date:	2019-05-21T00:00:00
db:	VULHUB	id:	VHN-142575	date:	2019-07-02T00:00:00
db:	BID	id:	108359	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-006019	date:	2019-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201905-725	date:	2019-05-16T00:00:00
db:	NVD	id:	CVE-2019-10975	date:	2019-07-02T20:15:11.513