HTTP: Mitsubishi Electric E-Designer BEComliSlave Buffer Overflow
A stack-based buffer overflow vulnerability exists in Mitsubishi's Electric E-Designer. A remote attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted website. This can lead to arbitrary code execution in the context of the affected user.
Extended Description
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
Affected Products
Mitsubishielectric e-designer
Short Name
HTTP:STC:MITSUBISHI-E-DESIGN-BO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
BEComliSlave Buffer CVE-2017-9638 E-Designer Electric Mitsubishi Overflow
Release Date
08/31/2017
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Mitsubishielectric
CVSS Score
10.0