Information from Edgecross Consortium
Vulnerability ID:JVNVU#92857077
Title:Multiple vulnerabilities in Edgecross Basic Software for Windows
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
[[[ Overview ]]]
The following Windows version of the Edgecross basic software contains multiple vulnerabilities.
- Edgecross Basic Software for Windows ECP-BS1-W versioin 1.00 and earlier
[[[ Description ]]]
Edgecross Basic Software for Windows provided by Edgecross Consortium contains multiple vulnerabilities listed below.
- CVE-2022-0778 (OpenSSL)
- CVE-2022-29862、CVE-2022-29864 (OPC UA .NET Standard Stack)
[[[ Impact ]]]
Successful exploitation of these vulnerabilities could allow an attacker to execute a malicious program on the system, which may lead to information disclosure, tampering of information, or a denial-of-service (DoS) condition.
[[[ Solution ]]]
Applying the following workaround may mitigate the impacts of these vulnerabilities.
[CVE-2024-4229]
- Install the product with the default installation folder or specify a folder which only an administrative user specifiies/changes
[CVE-2024-4230]
- When specifying a program using the program execution feedback settings of the real-time flow designer, specify a trusted file only
[CVE-2024-4229, CVE-2024-4230]
- When connecting the PC that uses the product to the Internet, protect unauthorized access with a firewall or virtual private network (VPN), etc., and only allow remote logins from trusted users
- Use the PC that uses the product within a LAN, and block remote logins from untrusted networks, hosts, and users
- Do not open untrusted files (especially project files) nor click untrusted links
