SB2022090138 - Multiple vulnerabilities in Hitachi Energy MSM Product
Published: September 1, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Double Free (CVE-ID: CVE-2016-8618)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
2) Improper Authentication (CVE-ID: CVE-2014-0138)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
3) Heap-based buffer overflow (CVE-ID: CVE-2013-2174)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "curl_easy_unescape" function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Out-of-bounds read (CVE-ID: CVE-2014-3707)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the "curl_easy_duphandle" function. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.
5) Arbitrary code execution (CVE-ID: CVE-2016-7167)
The vulnerability exposes a remote user's possibility to cause arbitrary code execution on the target system.The weakness exists due to integer overflow. Using of specially crafted length parameter value to certain libcurl functions allows attackers to obtain potentially sensitive information and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
6) Out-of-bounds read (CVE-ID: CVE-2016-8621)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
7) Double Free (CVE-ID: CVE-2016-8619)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
8) Out-of-bounds write (CVE-ID: CVE-2016-8617)
The vulnerability allows a local authenticated user to execute arbitrary code.
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
9) Buffer overflow (CVE-ID: CVE-2016-9586)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.
10) Heap-based buffer overflow (CVE-ID: CVE-2018-16842)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer over-read in the tool_msgs.c:voutf() function. A remote unauthenticated attacker can specially crafted data, trigger memory corruption to read back out-of-buffer data and cause the service to crash.
11) Stored cross-site scripting (CVE-ID: CVE-2011-4273)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "group" parameter of addgroup.asp, "url" parameter of addlimit.asp and "adduser.asp" User ID parameter. A remote attacker can inject arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
12) Cross-site scripting (CVE-ID: CVE-2016-7103)
Vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability is caused by an input validation error in jQuery UI before 1.12.0. A remote authenticated attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
13) Cross-site scripting (CVE-ID: CVE-2015-6584)
Vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability is caused by an input validation error in the DataTables plugin for jQuery when processing scripts parameter to media/unit_testing/templates/6776.php. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.