Information from Edgecross Consortium
Vulnerability ID:JVNVU#98954443
Title:Multiple vulnerabilities in Edgecross Basic Software for Windows
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
[[[ Overview ]]]
The following Windows version of the Edgecross basic software contains multiple vulnerabilities.
[CVE-2023-0286]
- Edgecross Basic Software for Windows ECP-BS1-W versions from 1.10 to 1.28
[CVE-2022-4304]
- Edgecross Basic Software for Windows ECP-BS1-W versions from 1.00 to 1.28
[CVE-2018-25032]
- Edgecross Basic Software for Windows ECP-BS1-W versions from 1.20 to 1.28
[[[ Description ]]]
Edgecross Basic Software for Windows provided by Edgecross Consortium contains third-party components.
Edgecross Basic Software for Windows is affected by the vulnerabilities existed in the components listed below.
- CVE-2023-0286、CVE-2022-4304 (OpenSSL)
- CVE-2018-25032 (zlib)
[[[ Impact ]]]
Exporting specially crafted configuration files or sending specially crafted packets may lead to a denial-of-service
(DoS) condition or information disclosure.
[[[ Solution ]]]
A version that fixes this vulnerability has been released, so please update to the latest version.
For inquiries regarding the updated version, please contact Mitsubishi Electric Corporation's technical support desk at the following address.
- <Support Desk (E-mail Address)> iQ-Edgecross-Nagoya@pd.MitsubishiElectric.co.jp
