CVE-2018-0651
high-risk
Published 2019-01-09
Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.
Do I need to act?
~
3.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (5)
Idefine For Prosafe-Rs Firmware
Stardom Versatile Data Server Firmware
Stardom Fcn\/Fcj Simulator Firmware
Astplanner
Trifellows
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/105124
Third Party Advisory
https://jvn.jp/vu/JVNVU93845358/
Vendor Advisory
https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf
Third Party Advisory
http://www.securityfocus.com/bid/105124
Third Party Advisory
https://jvn.jp/vu/JVNVU93845358/
Vendor Advisory
https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf
51
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
7/34 · Low
Exposure
12/34 · Low