Multiple vulnerabilities in TeamViewer bundled with Omron CX-Supervisor
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2010-3128 CVE-2018-14333 CVE-2019-11769 CVE-2018-16550 |
| CWE-ID | CWE-426 CWE-200 CWE-522 CWE-799 CWE-477 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
CX-Supervisor Server applications / Frameworks for developing and running applications |
| Vendor | Omron |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Untrusted search path
EUVDB-ID: #VU22570
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2010-3128
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to executed malicious .dll file passed via untrusted search path. A local attacker, and possibly remote attacker can execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCX-Supervisor: 3.2.0 - 3.5.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-309-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Information disclosure
EUVDB-ID: #VU14011
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14333
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to storing of a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters. A remote attacker can leverage an unattended workstation on which TeamViewer has disconnected but remains running and access arbitrary data.
MitigationInstall update from vendor's website.
Vulnerable software versionsCX-Supervisor: 3.2.0 - 3.5.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-309-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Insufficiently protected credentials
EUVDB-ID: #VU22560
Risk: Low
CVSSv3.1: 7.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-11769
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
Description
Mitigation
Install updates from vendor's website.
Vulnerable software versionsCX-Supervisor: 3.2.0 - 3.5.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-309-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Improper control of interaction frequency
EUVDB-ID: #VU22562
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16550
CWE-ID:
CWE-799 - Improper Control of Interaction Frequency
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a brute-force attack on the target system.
The vulnerability exists due to the application does not implement sufficient measures to prevent multiple failed authentication attempts. A remote attacker can bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.
Note: This vulnerability affects TeamViewer versions 10.x through 13.x. Install updates from vendor's website.
Vulnerable software versionsCX-Supervisor: 3.2.0 - 3.5.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-309-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of Obsolete Function
EUVDB-ID: #VU22571
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-477 - Use of Obsolete Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability.
Install updates from vendor's website.
Vulnerable software versionsCX-Supervisor: 3.2.0 - 3.5.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-309-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
