Published: 2022/10/18  Last Updated: 2022/10/18

JVNVU#99955870
Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE

Overview

WTViewerE provided by Yokogawa Test & Measurement Corporation contains a stack-based buffer overflow vulnerability.

Products Affected

  • WTViewerE 761941
    • from 1.31 to 1.61
  • WTViewerEfree
    • from 1.01 to 1.52
For more information, refer to the information provided by the developer.

Description

WTViewerE provided by Yokogawa Test & Measurement Corporation contains a stack-based buffer overflow vulnerability (CWE-121).

Impact

Processing a long file name may cause the product to crash.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the versions below, which contain a fix for this vulnerability:

  • WTViewerE 761941
    • 1.62
  • WTViewerEfree
    • 1.53

Vendor Status

Vendor Link
Yokogawa Test & Measurement Corporation KSR-PSIRT-Q005: Vulnerability in YOKOGAWA application software WTViewerE

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score: 5.3
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality Impact (C): Low (L)
Integrity Impact (I): Low (L)
Availability Impact (A): Low (L)

Comment

This analysis assumes that the user is led to input a long filename to the affected product.

Credit

Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

CVE CVE-2022-40984