Multiple vulnerabilities in IDEC Operator Interfaces products



Risk: High
Patch available: YES
Number of vulnerabilities: 12
CVE-ID: CVE-2020-11908, CVE-2020-11914, CVE-2020-11912, CVE-2020-11911, CVE-2020-11910, CVE-2020-11909, CVE-2020-11907, CVE-2020-11906, CVE-2020-11904, CVE-2020-11903, CVE-2020-11901, CVE-2019-12264
CWE-ID: CWE-170, CWE-20, CWE-284, CWE-200, CWE-130, CWE-190, CWE-125, CWE-440
Exploitation vector: Network
Public exploit: N/A
Vulnerable software (Hardware solutions / Firmware): HG1P, HG1G, HG2G-5T, HG2G-5F, HG3G, HG4G, HG2G-V, HG3G-V, HG4G-V, HG5G-V
Vendor: IDEC Corporation

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Improper Null Termination

EUVDB-ID: #VU29101

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11908

CWE-ID: CWE-170 - Improper Null Termination

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper null termination in the DHCP component. A remote attacker on the local network can send a specially crafted packet and gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU29114

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11914

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the ARP component. A remote attacker on the local network can send a specially crafted packet, trigger an out-of-bounds read and read the contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU29106

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11912

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the TCP component. A remote attacker on the local network can send a specially crafted packet, trigger an out-of-bounds read and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU29104

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11911

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and change one specific configuration value.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU29103

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11910

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the ICMPv4 component. A remote attacker can send a specially crafted packet, trigger an out-of-bounds read and read the contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU29102

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11909

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper input validation in the IPv4 component. A remote attacker can send a specially crafted packet and gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Handling of Length Parameter Inconsistency

EUVDB-ID: #VU29100

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11907

CWE-ID: CWE-130 - Improper Handling of Length Parameter Inconsistency

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to improper handling of length parameter inconsistency in the TCP component. A remote attacker on the local network can send a specially crafted packet and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU29099

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11906

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input in the Ethernet link layer component. A remote attacker on the local network can send a specially crafted packet and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer overflow

EUVDB-ID: #VU29097

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11904

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the memory allocation component. A remote attacker can send a specially crafted packet, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU29096

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11903

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the DHCP component. A remote attacker on the local network can send a specially crafted packet, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU29094

Risk: High

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11901

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the DNS resolver component. A remote attacker can send a specially crafted packet and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Expected behavior violation

EUVDB-ID: #VU19585

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12264

CWE-ID: CWE-440 - Expected Behavior Violation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a logical flaw within the ipdhcpc DHCP client when processing broadcast IP addresses. A remote attacker with control over a DHCP server within the local network segment can assign multicast or broadcast addresses to the victim.
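
A monitoring-side check for the condition described above, as an added example that is not part of the original bulletin or of any vendor code: it parses a BOOTP/DHCP reply and reports when the assigned address (yiaddr) is multicast, limited broadcast, or the directed broadcast of the offered subnet. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field (RFC 2131)

def parse_dhcp_reply(payload: bytes):
    """Return (yiaddr, subnet_mask or None) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    yiaddr = ipaddress.IPv4Address(payload[16:20])  # "your" (assigned) address
    mask, i = None, 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        if payload[i] == 0:                          # Pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:                     # length runs past packet
            raise ValueError("truncated option value")
        if code == 1 and length == 4:                # option 1 = Subnet Mask
            mask = ipaddress.IPv4Address(value)
        i += 2 + length
    return yiaddr, mask

def unsafe_assignment(payload: bytes):
    """Return why yiaddr is not a usable unicast address, or None if it is."""
    yiaddr, mask = parse_dhcp_reply(payload)
    if yiaddr.is_multicast:
        return "multicast"
    if yiaddr == ipaddress.IPv4Address("255.255.255.255"):
        return "limited broadcast"
    if mask is not None:
        net = ipaddress.IPv4Network(f"{yiaddr}/{mask}", strict=False)
        if net.prefixlen < 31 and yiaddr == net.broadcast_address:
            return "directed broadcast"
    return None

def build_reply(yiaddr: str, mask: str) -> bytes:
    """Constructed sample: minimal DHCPACK carrying yiaddr and a subnet mask."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), ipaddress.IPv4Address(yiaddr).packed,
                         bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    options = bytes([53, 1, 5, 1, 4]) + ipaddress.IPv4Address(mask).packed + b"\xff"
    return header + MAGIC_COOKIE + options
```
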

Mitigation

Install update from vendor's website.

Vulnerable software versions

HG1P: 4.85

HG1G: 4.85

HG2G-5T: 4.85

HG2G-5F: 4.85

HG3G: 4.85

HG4G: 4.85

HG2G-V: 4.85

HG3G-V: 4.85

HG4G-V: 4.85

HG5G-V: 4.85

External links

http://jvn.jp/en/vu/JVNVU96242582/index.html
http://us.idec.com/media/24-RD-0300-EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


