FKIE_CVE-2018-10594

Vulnerability from fkie_nvd - Published: 2018-06-26 20:29 - Updated: 2024-11-21 03:41
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
References
ics-cert@hq.dhs.govhttp://www.securityfocus.com/bid/104529Third Party Advisory, VDB Entry
ics-cert@hq.dhs.govhttps://ics-cert.us-cert.gov/advisories/ICSA-18-172-01Third Party Advisory, US Government Resource
ics-cert@hq.dhs.govhttps://www.exploit-db.com/exploits/44965/Exploit, Third Party Advisory, VDB Entry
ics-cert@hq.dhs.govhttps://www.exploit-db.com/exploits/45574/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104529Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/44965/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/45574/Exploit, Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
deltaww commgr *
deltaww dvpsimulator_ahsim_5x0 -
deltaww dvpsimulator_ahsim_5x1 -
deltaww dvpsimulator_eh2 -
deltaww dvpsimulator_es2 -
deltaww dvpsimulator_h3 -
deltaww dvpsimulator_se -
deltaww dvpsimulator_ss2 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deltaww:commgr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F6AC59-770C-4AE3-B010-531E6C19ECD4",
              "versionEndIncluding": "1.08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:deltaww:dvpsimulator_ahsim_5x0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61167A94-F65E-4179-B860-80A7E9A89117",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:deltaww:dvpsimulator_ahsim_5x1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8A5379-465C-4BFA-8C8A-3BD2EDC4463C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:deltaww:dvpsimulator_eh2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C584385C-E9B7-470A-A19A-246EC4A7B41C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:deltaww:dvpsimulator_es2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8824D80A-7D15-4AD0-8AEF-DDE985669292",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:deltaww:dvpsimulator_h3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CD6D94-226D-42D0-8EB7-33C7FC47F312",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:deltaww:dvpsimulator_se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9D4DF3F-F869-4708-8738-7F4ABE317F4D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:deltaww:dvpsimulator_ss2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B78281E-2ED8-463C-B717-4E01C4E0678B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server."
    },
    {
      "lang": "es",
      "value": "Delta Industrial Automation COMMGR de Delta Electronics en versiones 1.08 y anteriores con sus simuladores PLC (DVPSimulator EH2, EH3, ES2, SE, SS2 y AHSIM_5x0, AHSIM_5x1) utiliza un b\u00fafer de pila de longitud fija en el que se puede leer un valor de longitud no verificado desde los paquetes de red mediante un puerto de red espec\u00edfico, provocando la sobrescritura del b\u00fafer. Esto puede permitir la ejecuci\u00f3n remota de c\u00f3digo, provocando el cierre inesperado de la aplicaci\u00f3n o resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el servidor de la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2018-10594",
  "lastModified": "2024-11-21T03:41:37.600",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-26T20:29:00.227",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104529"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44965/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45574/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44965/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45574/"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.