Описание
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 9.0 (включая)
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:*:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00248
Низкий
6.8 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
CWE-121
CWE-119
Связанные уязвимости
CVSS3: 6.8
github
больше 3 лет назад
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.
EPSS
Процентиль: 48%
0.00248
Низкий
6.8 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
CWE-121
CWE-119