CVE-2018-5452

Опубликовано: 07 мар. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547 could force the PLC to change its state into halt mode.

Ссылки

http://www.securityfocus.com/bid/103180
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-058-03
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/103180
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-058-03
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:emerson:controlwave_micro_firmware:*:*:*:*:*:*:*:*

Версия до 05.78.00 (включая)

cpe:2.3:h:emerson:controlwave_micro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01689

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-121

CWE-787

Связанные уязвимости

GHSA-xq5r-4h6f-r3gp