CVE-2019-13520
Fuji Electric Alpha5 WPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of WPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Timeline
- 2019-07-11 CVE Reserved
- 2019-08-20 CVE Published
- 2024-08-04 CVE Updated
- 2024-10-06 EPSS Updated
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
References (3)
URL | Tag |
---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-227-02 | Mitigation |
https://www.zerodayinitiative.com/advisories/ZDI-19-798 | Third Party Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-19-820 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fujielectric | Alpha5 Smart Loader Firmware | < 4.2 | - | Affected |
(in) Fujielectric | Alpha5 Smart Loader | - | - | Safe |