Published: 2022/10/18 Last Updated: 2022/10/18
JVNVU#99955870
Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE
Overview
WTViewerE provided by Yokogawa Test & Measurement Corporation contains a stack-based buffer overflow vulnerability.
Products Affected
- WTViewerE 761941
  - from 1.31 to 1.61
- WTViewerEfree
  - from 1.01 to 1.52
Description
WTViewerE provided by Yokogawa Test & Measurement Corporation contains a stack-based buffer overflow vulnerability (CWE-121).
Impact
Processing a long file name may cause the product to crash.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the versions below that contain a fix for this vulnerability:
- WTViewerE 761941
  - 1.62
- WTViewerEfree
  - 1.53
Vendor Status
Vendor | Link |
---|---|
Yokogawa Test & Measurement Corporation | KSR-PSIRT-Q005: Vulnerability in YOKOGAWA application software WTViewerE |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score: 5.3
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | | |
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | | |
Scope(S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) | |
Comment
This analysis assumes that the user is led to input a long filename to the affected product.
Credit
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
CVE | CVE-2022-40984 |