Search
Find a vulnerability
Search criteria
6 vulnerabilities by ezautomation
VAR-201909-1004
Vulnerability from variot - Updated: 2024-11-23 22:55An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. EZ PLC Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EZAutomation EZ PLC Editor is a PLC (Programmable Logic Controller) programming software from EZAutomation. A buffer overflow vulnerability exists in EZAutomation EZ PLC Editor 1.8.41 and earlier. An attacker could exploit the vulnerability to damage memory and execute code with the application privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ez plc editor",
"scope": "lte",
"trust": 1.0,
"vendor": "ezautomation",
"version": "1.8.41"
},
{
"model": "plc editor",
"scope": "lte",
"trust": 0.8,
"vendor": "ez automation",
"version": "1.8.41"
},
{
"model": "ez plc editor",
"scope": "lte",
"trust": 0.6,
"vendor": "ezautomation",
"version": "\u003c=1.8.41"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ez plc editor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f"
},
{
"db": "CNVD",
"id": "CNVD-2019-31237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008769"
},
{
"db": "NVD",
"id": "CVE-2019-13522"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ezautomation:ez_plc_editor",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008769"
}
]
},
"cve": "CVE-2019-13522",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13522",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-31237",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13522",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13522",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13522",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13522",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-31237",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-070",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f"
},
{
"db": "CNVD",
"id": "CNVD-2019-31237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008769"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-070"
},
{
"db": "NVD",
"id": "CVE-2019-13522"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. EZ PLC Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EZAutomation EZ PLC Editor is a PLC (Programmable Logic Controller) programming software from EZAutomation. A buffer overflow vulnerability exists in EZAutomation EZ PLC Editor 1.8.41 and earlier. An attacker could exploit the vulnerability to damage memory and execute code with the application privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13522"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008769"
},
{
"db": "CNVD",
"id": "CNVD-2019-31237"
},
{
"db": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13522",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-19-246-02",
"trust": 3.0
},
{
"db": "AUSCERT",
"id": "ESB-2019.3346",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2019-31237",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-070",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008769",
"trust": 0.8
},
{
"db": "IVD",
"id": "0B5908CA-54E0-46C9-9EC7-B4A9EE8EE07F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f"
},
{
"db": "CNVD",
"id": "CNVD-2019-31237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008769"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-070"
},
{
"db": "NVD",
"id": "CVE-2019-13522"
}
]
},
"id": "VAR-201909-1004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f"
},
{
"db": "CNVD",
"id": "CNVD-2019-31237"
}
],
"trust": 1.55
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f"
},
{
"db": "CNVD",
"id": "CNVD-2019-31237"
}
]
},
"last_update_date": "2024-11-23T22:55:26.701000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.ezautomation.net/tutorial/index.html"
},
{
"title": "Patch for EZAutomation EZ PLC Editor Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/180205"
},
{
"title": "EZAutomation EZ PLC Editor Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97834"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-31237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008769"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-070"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008769"
},
{
"db": "NVD",
"id": "CVE-2019-13522"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13522"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3346/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13522"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-31237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008769"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-070"
},
{
"db": "NVD",
"id": "CVE-2019-13522"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f"
},
{
"db": "CNVD",
"id": "CNVD-2019-31237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008769"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-070"
},
{
"db": "NVD",
"id": "CVE-2019-13522"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-12T00:00:00",
"db": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f"
},
{
"date": "2019-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-31237"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008769"
},
{
"date": "2019-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-070"
},
{
"date": "2019-09-04T15:15:10.933000",
"db": "NVD",
"id": "CVE-2019-13522"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-31237"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008769"
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-070"
},
{
"date": "2024-11-21T04:25:04.093000",
"db": "NVD",
"id": "CVE-2019-13522"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-070"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EZAutomation EZ PLC Editor Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f"
},
{
"db": "CNVD",
"id": "CNVD-2019-31237"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "0b5908ca-54e0-46c9-9ec7-b4a9ee8ee07f"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-070"
}
],
"trust": 0.8
}
}
VAR-201909-1003
Vulnerability from variot - Updated: 2024-11-23 21:36An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior. EZ Touch Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EZAutomation EZ Touch Editor is a set of HMI (Human Machine Interface) programming software from EZAutomation, USA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ez touch editor",
"scope": "lte",
"trust": 1.0,
"vendor": "ezautomation",
"version": "2.1.0"
},
{
"model": "touch editor",
"scope": "lte",
"trust": 0.8,
"vendor": "ez automation",
"version": "2.1.0"
},
{
"model": "ez touch editor",
"scope": "lte",
"trust": 0.6,
"vendor": "ezautomation",
"version": "\u003c=2.1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15273"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008873"
},
{
"db": "NVD",
"id": "CVE-2019-13518"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ezautomation:ez_touch_editor",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008873"
}
]
},
"cve": "CVE-2019-13518",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13518",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-15273",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13518",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13518",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13518",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-15273",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-064",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15273"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008873"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-064"
},
{
"db": "NVD",
"id": "CVE-2019-13518"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior. EZ Touch Editor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EZAutomation EZ Touch Editor is a set of HMI (Human Machine Interface) programming software from EZAutomation, USA",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008873"
},
{
"db": "CNVD",
"id": "CNVD-2020-15273"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-246-01",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-13518",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008873",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-15273",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3345",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201909-064",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15273"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008873"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-064"
},
{
"db": "NVD",
"id": "CVE-2019-13518"
}
]
},
"id": "VAR-201909-1003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15273"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15273"
}
]
},
"last_update_date": "2024-11-23T21:36:53.128000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.ezautomation.net/index.htm"
},
{
"title": "Patch for EZAutomation EZ Touch Editor Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/206823"
},
{
"title": "EZAutomation EZ Touch Editor Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97828"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15273"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008873"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-064"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008873"
},
{
"db": "NVD",
"id": "CVE-2019-13518"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13518"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13518"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3345/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15273"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008873"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-064"
},
{
"db": "NVD",
"id": "CVE-2019-13518"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-15273"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008873"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-064"
},
{
"db": "NVD",
"id": "CVE-2019-13518"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15273"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008873"
},
{
"date": "2019-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-064"
},
{
"date": "2019-09-04T15:15:10.853000",
"db": "NVD",
"id": "CVE-2019-13518"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15273"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008873"
},
{
"date": "2019-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-064"
},
{
"date": "2024-11-21T04:25:03.540000",
"db": "NVD",
"id": "CVE-2019-13518"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-064"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EZ Touch Editor Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008873"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-064"
}
],
"trust": 0.6
}
}
CVE-2019-13522 (GCVE-0-2019-13522)
Vulnerability from nvd – Published: 2019-09-04 14:29 – Updated: 2024-08-04 23:57
VLAI
Summary
An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior.
Severity
No CVSS data available.
CWE
- CWE-119 - IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-246-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EZ PLC Editor |
Affected:
Versions 1.8.41 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EZ PLC Editor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 1.8.41 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T14:29:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EZ PLC Editor",
"version": {
"version_data": [
{
"version_value": "Versions 1.8.41 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-246-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13522",
"datePublished": "2019-09-04T14:29:00.000Z",
"dateReserved": "2019-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:57:39.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13518 (GCVE-0-2019-13518)
Vulnerability from nvd – Published: 2019-09-04 14:40 – Updated: 2024-08-04 23:57
VLAI
Summary
An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior.
Severity
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-246-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EZ Touch Editor |
Affected:
Versions 2.1.0 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EZ Touch Editor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 2.1.0 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T14:40:56.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EZ Touch Editor",
"version": {
"version_data": [
{
"version_value": "Versions 2.1.0 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-246-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13518",
"datePublished": "2019-09-04T14:40:56.000Z",
"dateReserved": "2019-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:57:39.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13518 (GCVE-0-2019-13518)
Vulnerability from cvelistv5 – Published: 2019-09-04 14:40 – Updated: 2024-08-04 23:57
VLAI
Summary
An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior.
Severity
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-246-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EZ Touch Editor |
Affected:
Versions 2.1.0 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EZ Touch Editor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 2.1.0 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T14:40:56.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EZ Touch Editor",
"version": {
"version_data": [
{
"version_value": "Versions 2.1.0 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-246-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13518",
"datePublished": "2019-09-04T14:40:56.000Z",
"dateReserved": "2019-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:57:39.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13522 (GCVE-0-2019-13522)
Vulnerability from cvelistv5 – Published: 2019-09-04 14:29 – Updated: 2024-08-04 23:57
VLAI
Summary
An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior.
Severity
No CVSS data available.
CWE
- CWE-119 - IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-246-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EZ PLC Editor |
Affected:
Versions 1.8.41 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EZ PLC Editor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 1.8.41 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T14:29:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EZ PLC Editor",
"version": {
"version_data": [
{
"version_value": "Versions 1.8.41 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-246-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-246-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13522",
"datePublished": "2019-09-04T14:29:00.000Z",
"dateReserved": "2019-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:57:39.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}