Heap Manipulation Vulnerability in Mitsubishi E-Designer Software
CVE-2017-9636

9.8CRITICAL

Key Information:

Vendor

Mitsubishi Electric Europe B.v.

Status
E-designer
Vendor
CVE Published:
17 April 2018

What is CVE-2017-9636?

Mitsubishi E-Designer, specifically Version 7.52 Build 344, is susceptible to a heap manipulation vulnerability that allows for the potential overwriting of memory. Attackers can exploit this weakness to execute arbitrary code, which compromises data integrity, triggers denial of service incidents, and can lead to system crashes. It is essential for users of this software to apply available security patches and updates to mitigate these risks.

Affected Version(s)

E-Designer Version 7.52 Build 344.

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01
x_refsource_MISC
http://www.securityfocus.com/bid/100097
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2017-9636 : Heap Manipulation Vulnerability in Mitsubishi E-Designer Software