
JVNDB-2019-000020

PowerAct Pro Master Agent for Windows fails to restrict access permissions

Overview

PowerAct Pro Master Agent for Windows provided by OMRON SOCIAL SOLUTIONS Co.,Ltd. fails to restrict access permissions.

Hosono, Akane reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
CVSS Severity

CVSS V3 Severity:
Base Metrics 3.3 (Low) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 1.7 (Low) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


OMRON SOCIAL SOLUTIONS Co.,Ltd.
  • PowerAct Pro Master Agent for Windows Version 5.13 and earlier

Impact

A user with a Windows general user account may alter or edit a file that the user does not have permission to access.
Solution

[Update the Software]
Update the software to the latest version, and then execute the update tool that addresses the vulnerability, according to the information provided by the developer.
Vendor Information

OMRON SOCIAL SOLUTIONS Co.,Ltd.
  • OMRON SOCIAL SOLUTIONS Co.,Ltd. : Notification (in Japanese)
  • OMRON SOCIAL SOLUTIONS Co.,Ltd. : Download (in Japanese)
CWE

  1. Permissions(CWE-264) [IPA Evaluation]
CVE

  1. CVE-2018-16207
References

  1. JVN : JVN#63981842
  2. National Vulnerability Database (NVD) : CVE-2018-16207
Revision History

  • [2019/03/27]
      Web page was published
  • [2019/09/27]
      References : Content was added