Multiple vulnerabilities in Hitachi Energy MSM Product
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 13 |
| CVE-ID | CVE-2016-8618 CVE-2014-0138 CVE-2013-2174 CVE-2014-3707 CVE-2016-7167 CVE-2016-8621 CVE-2016-8619 CVE-2016-8617 CVE-2016-9586 CVE-2018-16842 CVE-2011-4273 CVE-2016-7103 CVE-2015-6584 |
| CWE-ID | CWE-415 CWE-287 CWE-122 CWE-125 CWE-191 CWE-787 CWE-119 CWE-79 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #11 is available. |
| Vulnerable software Subscribe |
Modular Switchgear Monitoring (MSM) Hardware solutions / Other hardware appliances |
| Vendor | Hitachi Energy |
Security Bulletin
This security bulletin contains information about 13 vulnerabilities.
1) Double Free
EUVDB-ID: #VU33017
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-8618
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authentication
EUVDB-ID: #VU32552
Risk: Medium
CVSSv3.1: 6 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2014-0138
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU66916
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2013-2174
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "curl_easy_unescape" function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU66915
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2014-3707
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the "curl_easy_duphandle" function. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Arbitrary code execution
EUVDB-ID: #VU655
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-7167
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability exposes a remote user's possibility to cause arbitrary code execution on the target system.
The weakness exists due to integer overflow. Using of specially crafted length parameter value to certain libcurl functions allows attackers to obtain potentially sensitive information and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU33020
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-8621
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Double Free
EUVDB-ID: #VU33018
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-8619
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds write
EUVDB-ID: #VU33012
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-8617
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU33022
Risk: High
CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-9586
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Heap-based buffer overflow
EUVDB-ID: #VU15673
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-16842
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer over-read in the tool_msgs.c:voutf() function. A remote unauthenticated attacker can specially crafted data, trigger memory corruption to read back out-of-buffer data and cause the service to crash.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Stored cross-site scripting
EUVDB-ID: #VU66914
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C]
CVE-ID: CVE-2011-4273
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "group" parameter of addgroup.asp, "url" parameter of addlimit.asp and "adduser.asp" User ID parameter. A remote attacker can inject arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Cross-site scripting
EUVDB-ID: #VU7277
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-7103
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionVulnerability allows a remote attacker to perform XSS attacks.
The vulnerability is caused by an input validation error in jQuery UI before 1.12.0. A remote authenticated attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Cross-site scripting
EUVDB-ID: #VU8436
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2015-6584
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionVulnerability allows a remote attacker to perform XSS attacks.
The vulnerability is caused by an input validation error in the DataTables plugin for jQuery when processing scripts parameter to media/unit_testing/templates/6776.php. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsModular Switchgear Monitoring (MSM): 2.2
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-242-03
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
