Lucene search

IcscertCVELIST:CVE-2020-16232

HistoryMar 18, 2022 - 6:00 p.m.

CVE-2020-16232 Yokogawa WideField3 Buffer Copy Without Checking Size of Input

2022-03-1818:00:29

CWE-120

icscert

www.cve.org

yokogawa widefield3

buffer overflow

security vulnerability

CVSS3

2.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.

CNA Affected

[
  {
    "product": "WideField3",
    "vendor": "Yokogawa",
    "versions": [
      {
        "lessThanOrEqual": "R4.03",
        "status": "affected",
        "version": "R1.01",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-20-273-02

www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/

CVSS3

2.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

Related for CVELIST:CVE-2020-16232