CWE-822
Untrusted Pointer Dereference
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
CVE-2017-12719 (GCVE-0-2017-12719)
Vulnerability from cvelistv5
Published
2017-11-06 22:00
Modified
2024-08-05 18:43
Summary
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.
Impacted products
Vendor | Product | Version
---|---|---
n/a | Advantech WebAccess | Advantech WebAccess
CVE-2017-16728 (GCVE-0-2017-16728)
Vulnerability from cvelistv5
Published
2018-01-05 08:00
Modified
2024-08-05 20:35
Summary
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
Impacted products
Vendor | Product | Version
---|---|---
n/a | Advantech WebAccess | Advantech WebAccess
CVE-2018-12548 (GCVE-0-2018-12548)
Vulnerability from cvelistv5
Published
2019-01-31 20:00
Modified
2024-08-05 08:38
CWE
- CWE-822 - Untrusted Pointer Dereference
Summary
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.
Impacted products
Vendor | Product | Version
---|---|---
The Eclipse Foundation | Eclipse OpenJ9 | 0.11.0
CVE-2018-14811 (GCVE-0-2018-14811)
Vulnerability from cvelistv5
Published
2018-09-26 20:00
Modified
2024-09-16 20:41
CWE
- CWE-822 - UNTRUSTED POINTER DEREFERENCE
Summary
In Fuji Electric V-Server 4.0.3.0 and prior, multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.
Impacted products
Vendor | Product | Version
---|---|---
Fuji Electric | V-Server | 4.0.3.0 and prior
CVE-2018-17893 (GCVE-0-2018-17893)
Vulnerability from cvelistv5
Published
2018-10-17 02:00
Modified
2024-09-17 03:13
CWE
- CWE-822 - UNTRUSTED POINTER DEREFERENCE
Summary
LAquis SCADA versions 4.1.0.3870 and prior have an untrusted pointer dereference vulnerability, which may allow remote code execution.
Impacted products
Vendor | Product | Version
---|---|---
LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME | LAquis SCADA | 4.1.0.3870 and prior
CVE-2018-19029 (GCVE-0-2018-19029)
Vulnerability from cvelistv5
Published
2019-02-05 18:00
Modified
2024-09-16 22:25
CWE
- CWE-822 - UNTRUSTED POINTER DEREFERENCE
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash.
Impacted products
Vendor | Product | Version
---|---|---
LCDS | LCDS Laquis SCADA | All versions prior to version 4.1.0.4150
CVE-2018-7497 (GCVE-0-2018-7497)
Vulnerability from cvelistv5
Published
2018-05-15 22:00
Modified
2024-09-17 01:51
CWE
- CWE-822 - UNTRUSTED POINTER DEREFERENCE
Summary
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-7502 (GCVE-0-2018-7502)
Vulnerability from cvelistv5
Published
2018-03-23 17:00
Modified
2024-09-16 17:14
CWE
- CWE-822 - Untrusted Pointer Dereference
Summary
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
Impacted products
Vendor | Product | Version
---|---|---
ICS-CERT | Beckhoff TwinCAT PLC products | TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1
CVE-2018-7525 (GCVE-0-2018-7525)
Vulnerability from cvelistv5
Published
2018-03-21 20:00
Modified
2024-09-16 20:21
CWE
- CWE-822 - UNTRUSTED POINTER DEREFERENCE
Summary
In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.
Impacted products
Vendor | Product | Version
---|---|---
ICS-CERT | Omron CX-Supervisor | Version 3.30 and prior
CVE-2019-13334 (GCVE-0-2019-13334)
Vulnerability from cvelistv5
Published
2020-02-07 23:35
Modified
2024-08-04 23:49
CWE
- CWE-822 - Untrusted Pointer Dereference
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774.
Impacted products
Vendor | Product | Version
---|---|---
Foxit | PhantomPDF | 9.5.0.20723
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:49:24.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-859/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "PhantomPDF", "vendor": "Foxit", "versions": [ { "status": "affected", "version": "9.5.0.20723" } ] } ], "credits": [ { "lang": "en", "value": "Mat Powell of Trend Micro Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822: Untrusted Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-07T23:35:16", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-859/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2019-13334", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "PhantomPDF", "version": { "version_data": [ { "version_value": "9.5.0.20723" } ] } } ] }, "vendor_name": "Foxit" } ] } }, "credit": "Mat Powell of Trend Micro Zero Day Initiative", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774." 
} ] }, "impact": { "cvss": { "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-822: Untrusted Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-859/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-859/" } ] } } } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2019-13334", "datePublished": "2020-02-07T23:35:16", "dateReserved": "2019-07-05T00:00:00", "dateUpdated": "2024-08-04T23:49:24.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
No mitigation information available for this CWE.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.