CVE-2018-10594

Опубликовано: 26 июн. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.

Ссылки

http://www.securityfocus.com/bid/104529
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/44965/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45574/
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/104529
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/44965/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45574/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:deltaww:commgr:*:*:*:*:*:*:*:*

Версия до 1.08 (включая)

Одно из

cpe:2.3:h:deltaww:dvpsimulator_ahsim_5x0:-:*:*:*:*:*:*:*

cpe:2.3:h:deltaww:dvpsimulator_ahsim_5x1:-:*:*:*:*:*:*:*

cpe:2.3:h:deltaww:dvpsimulator_eh2:-:*:*:*:*:*:*:*

cpe:2.3:h:deltaww:dvpsimulator_es2:-:*:*:*:*:*:*:*

cpe:2.3:h:deltaww:dvpsimulator_h3:-:*:*:*:*:*:*:*

cpe:2.3:h:deltaww:dvpsimulator_se:-:*:*:*:*:*:*:*

cpe:2.3:h:deltaww:dvpsimulator_ss2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.78242

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-121

CWE-119

Связанные уязвимости

GHSA-55m9-57p9-8j6r