CVE-2010-4740

Опубликовано: 16 фев. 2011

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message.

Ссылки

http://packetstormsecurity.org/1009-exploits/bacnet-overflow.py.txt
Exploit
http://secunia.com/advisories/41466
Vendor Advisory
http://securityreason.com/securityalert/8083
http://www.kb.cert.org/vuls/id/660688
US Government Resource
http://www.securityfocus.com/bid/43289
Exploit
http://www.us-cert.gov/control_systems/pdf/ICSA-10-264-01.pdf
US Government Resource
http://packetstormsecurity.org/1009-exploits/bacnet-overflow.py.txt
Exploit
http://secunia.com/advisories/41466
Vendor Advisory
http://securityreason.com/securityalert/8083
http://www.kb.cert.org/vuls/id/660688
US Government Resource
http://www.securityfocus.com/bid/43289
Exploit
http://www.us-cert.gov/control_systems/pdf/ICSA-10-264-01.pdf
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:scadaengine:bacnet_opc_client:*:*:*:*:*:*:*:*

Версия до 1.0.24 (включая)

EPSS

Процентиль: 98%

0.58302

Средний

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-vp93-v8xp-q5r9

github

больше 3 лет назад