Sign-up

ID

VAR-202009-1644


CVE

CVE-2020-16232


TITLE

Made by Yokogawa Electric WideField3 Buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-008822

DESCRIPTION

In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file. Provided by Yokogawa Electric Corporation FA-M3 Program development tool WideField3 Buffer overflow vulnerability (CWE-120) Exists.By rewriting the project file by a third party who can access the product, the application may be terminated illegally. Yokogawa WideField3 is a PLC programming software developed by Yokogawa Corporation of Japan. The software contains rich and practical programming tools, including powerful input macros, sampling display, synchronous logic analysis and other functions, and is perfectly compatible with F3SP71-4S and F3SP76-7S sequential CPU modules. There is a buffer error vulnerability in WideField3 R1.01 to R4.03. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.71

sources: NVD: CVE-2020-16232 // JVNDB: JVNDB-2020-008822 // VULHUB: VHN-169290

AFFECTED PRODUCTS

vendor:yokogawamodel:widefield3scope:lteversion:4.03

Trust: 1.0

vendor:yokogawamodel:widefield3scope:gteversion:1.01

Trust: 1.0

vendor:yokogawa electricmodel:widefield3scope:eqversion:r1.01 から r4.03

Trust: 0.8

sources: JVNDB: JVNDB-2020-008822 // NVD: CVE-2020-16232

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-16232
value: CRITICAL

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2020-16232
value: LOW

Trust: 1.0

NVD: JVNDB-2020-008822
value: LOW

Trust: 0.8

CNNVD: CNNVD-202009-1663
value: CRITICAL

Trust: 0.6

VULHUB: VHN-169290
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-16232
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-169290
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-16232
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2020-16232
baseSeverity: LOW
baseScore: 2.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.3
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD score: JVNDB-2020-008822
baseSeverity: LOW
baseScore: 2.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169290 // JVNDB: JVNDB-2020-008822 // CNNVD: CNNVD-202009-1663 // NVD: CVE-2020-16232 // NVD: CVE-2020-16232

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

sources: VULHUB: VHN-169290 // JVNDB: JVNDB-2020-008822 // NVD: CVE-2020-16232

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1663

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1663

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008822

PATCH
title:YSAR-20-0002: WideField3の脆弱性url:https://web-material3.yokogawa.com/19/30026/files/YSAR-20-0002-J.pdf?_ga=2.268365448.766806365.1601271050-1167442571.1601271050
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-008822

EXTERNAL IDS
db:NVDid:CVE-2020-16232
Trust: 2.5
db:ICS CERTid:ICSA-20-273-02
Trust: 2.5
db:JVNid:JVNVU96842058
Trust: 0.8
db:JVNDBid:JVNDB-2020-008822
Trust: 0.8
db:CNNVDid:CNNVD-202009-1663
Trust: 0.7
db:VULHUBid:VHN-169290
Trust: 0.1
sources:
            
            
            VULHUB: VHN-169290 // 
            
            
            
            JVNDB: JVNDB-2020-008822 // 
            
            
            
            CNNVD: CNNVD-202009-1663 // 
            
            
            
            NVD: CVE-2020-16232

REFERENCES
url:https://www.cisa.gov/uscert/ics/advisories/icsa-20-273-02
Trust: 1.7
url:https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/
Trust: 1.7
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-273-02
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16232
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96842058
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2020-16232/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-169290 // 
            
            
            
            JVNDB: JVNDB-2020-008822 // 
            
            
            
            CNNVD: CNNVD-202009-1663 // 
            
            
            
            NVD: CVE-2020-16232

SOURCES
db:VULHUBid:VHN-169290
db:JVNDBid:JVNDB-2020-008822
db:CNNVDid:CNNVD-202009-1663
db:NVDid:CVE-2020-16232

LAST UPDATE DATE
2024-08-14T14:38:19.020000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-169290date:2022-03-28T00:00:00
db:JVNDBid:JVNDB-2020-008822date:2020-09-30T00:00:00
db:CNNVDid:CNNVD-202009-1663date:2022-03-29T00:00:00
db:NVDid:CVE-2020-16232date:2022-03-28T16:26:14.483

SOURCES RELEASE DATE
db:VULHUBid:VHN-169290date:2022-03-18T00:00:00
db:JVNDBid:JVNDB-2020-008822date:2020-09-28T00:00:00
db:CNNVDid:CNNVD-202009-1663date:2020-09-29T00:00:00
db:NVDid:CVE-2020-16232date:2022-03-18T18:15:08.997