Published: 2024/11/21  Last Updated: 2024/11/21

JVNVU#92857077
Multiple vulnerabilities in Edgecross Basic Software for Windows

Overview

Edgecross Basic Software for Windows provided by Edgecross Consortium contains multiple vulnerabilities.

Products Affected

  • Edgecross Basic Software for Windows ECP-BS1-W version 1.00 and earlier
  • Edgecross Basic Software for Developers ECP-BS1-W-D version 1.00 and earlier

Note that CVE-2024-4229 affects the product only when the installation is executed by specifying a folder other than those which only an administrative user specifies/changes.

Description

Edgecross Basic Software for Windows provided by Edgecross Consortium contains multiple vulnerabilities listed below.

  • Incorrect default permissions (CWE-276) - CVE-2024-4229
  • External control of file name or path (CWE-73) - CVE-2024-4230

Impact

Successful exploitation of these vulnerabilities could allow an attacker to execute a malicious program on the system, which may lead to information disclosure, tampering of information, or a denial-of-service (DoS) condition.

Solution

Apply the Workaround
Applying the following workaround may mitigate the impacts of these vulnerabilities.

  • CVE-2024-4229
    • Install the product with the default installation folder or specify a folder which only an administrative user specifies/changes
  • CVE-2024-4230
    • When specifying a program using the program execution feedback settings of the real-time flow designer, specify a trusted file only
  • CVE-2024-4229, CVE-2024-4230
    • When connecting the PC that uses the product to the Internet, prevent unauthorized access with a firewall or virtual private network (VPN), etc., and only allow remote logins from trusted users
    • Use the PC that uses the product within a LAN, and block remote logins from untrusted networks, hosts, and users
    • Do not open untrusted files (especially project files) nor click untrusted links
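
One way to check the CVE-2024-4229 workaround on an existing installation, as an added example that is not from Edgecross Consortium or JPCERT/CC: the PowerShell script below lists ACL entries on the installation folder that grant write-type access to anyone other than administrative principals. The `InstallDir` parameter and the list of trusted SIDs are assumptions of this example, and only the top-level folder's ACL is inspected.

```powershell
# Added example: report non-administrative principals that can write to the install folder.
param(
    # Hypothetical parameter: the folder the product was actually installed into.
    [Parameter(Mandatory)] [string] $InstallDir
)

# Well-known SIDs assumed acceptable as writers on a locked-down program folder.
$trustedSids = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-3-0',        # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow planting or replacing files, or loosening the ACL itself.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries may carry raw generic bits instead: GENERIC_ALL, GENERIC_WRITE.
$mask = [int]$writeRights -bor 0x10000000 -bor 0x40000000

$acl = Get-Acl -LiteralPath $InstallDir

$findings = foreach ($rule in $acl.Access) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }

    # Compare by SID so localized or renamed group names do not hide an entry.
    try {
        $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $sid = $rule.IdentityReference.Value   # unresolvable account: report as-is
    }
    if ($sid -in $trustedSids) { continue }

    [pscustomobject]@{
        Identity  = $rule.IdentityReference.Value
        Sid       = $sid
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

if ($findings) {
    Write-Warning "Non-administrative principals can modify '$InstallDir':"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "Only administrative principals hold write-type access on '$InstallDir'."
}
```

Any row in the output marks a principal that can modify the folder, which is the condition the CVE-2024-4229 workaround is meant to avoid.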

Vendor Status

Vendor Link
Edgecross Consortium Downloads

Credit

Edgecross Consortium reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
