VAR-201607-0382
Vulnerability from variot - Updated: 2023-12-18 12:51Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of EPC files. Parsing a specially crafted EPC file can cause ELCSoft.exe to overwrite a TList object in memory. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. Eaton ELCSoft Programming Software is a set of software for configuring programmable logic controllers by Eaton, USA.
A heap buffer overflow vulnerability exists in Eaton ELCSoft Programming Software 2.4.01 and earlier. Eaton ELCSoft Programming Software is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploits will result in denial-of-service condition. Eaton ELCSoft 2.4.01 and prior versions are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0382",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "elcsoft",
"scope": "lte",
"trust": 1.8,
"vendor": "eaton",
"version": "2.4.01"
},
{
"model": "elcsoft",
"scope": "eq",
"trust": 0.9,
"vendor": "eaton",
"version": "2.4.01"
},
{
"model": "elcsoft",
"scope": null,
"trust": 0.7,
"vendor": "eaton",
"version": null
},
{
"model": "elcsoft programming software",
"scope": "lte",
"trust": 0.6,
"vendor": "eaton",
"version": "\u003c=2.4.01"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-408"
},
{
"db": "CNVD",
"id": "CNVD-2016-04476"
},
{
"db": "BID",
"id": "91524"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003453"
},
{
"db": "NVD",
"id": "CVE-2016-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-672"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eaton:elcsoft:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.01",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4509"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-408"
}
],
"trust": 0.7
},
"cve": "CVE-2016-4509",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4509",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4509",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04476",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 6.0,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4509",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4509",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2016-4509",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-04476",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-672",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-408"
},
{
"db": "CNVD",
"id": "CNVD-2016-04476"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003453"
},
{
"db": "NVD",
"id": "CVE-2016-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-672"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of EPC files. Parsing a specially crafted EPC file can cause ELCSoft.exe to overwrite a TList object in memory. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. Eaton ELCSoft Programming Software is a set of software for configuring programmable logic controllers by Eaton, USA. \n\nA heap buffer overflow vulnerability exists in Eaton ELCSoft Programming Software 2.4.01 and earlier. Eaton ELCSoft Programming Software is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploits will result in denial-of-service condition. \nEaton ELCSoft 2.4.01 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003453"
},
{
"db": "ZDI",
"id": "ZDI-16-408"
},
{
"db": "CNVD",
"id": "CNVD-2016-04476"
},
{
"db": "BID",
"id": "91524"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4509",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-16-182-01",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-16-408",
"trust": 2.0
},
{
"db": "BID",
"id": "91524",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003453",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3675",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04476",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201606-672",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-16-407",
"trust": 0.3
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-408"
},
{
"db": "CNVD",
"id": "CNVD-2016-04476"
},
{
"db": "BID",
"id": "91524"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003453"
},
{
"db": "NVD",
"id": "CVE-2016-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-672"
}
]
},
"id": "VAR-201607-0382",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15099715
},
"last_update_date": "2023-12-18T12:51:31.347000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ELCSoft Programming Software",
"trust": 0.8,
"url": "http://www.eaton.in/eaton/productsservices/electrical/productsandservices/automationandcontrol/plcsandhmi-plcs/elcseriesplcs/elcsoftprogrammingsoftware/index.htm"
},
{
"title": "Eaton has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-182-01"
},
{
"title": "Patch for Eaton ELCSoft Programming Software Heap Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/78553"
},
{
"title": "Eaton ELCSoft Programming Software Fixes for heap-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62581"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-408"
},
{
"db": "CNVD",
"id": "CNVD-2016-04476"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003453"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-672"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003453"
},
{
"db": "NVD",
"id": "CVE-2016-4509"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-182-01"
},
{
"trust": 1.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-408"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/91524"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4509"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4509"
},
{
"trust": 0.3,
"url": "http://www.eaton.com/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-407"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-408"
},
{
"db": "CNVD",
"id": "CNVD-2016-04476"
},
{
"db": "BID",
"id": "91524"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003453"
},
{
"db": "NVD",
"id": "CVE-2016-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-672"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-408"
},
{
"db": "CNVD",
"id": "CNVD-2016-04476"
},
{
"db": "BID",
"id": "91524"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003453"
},
{
"db": "NVD",
"id": "CVE-2016-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-672"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-16-408"
},
{
"date": "2016-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04476"
},
{
"date": "2016-06-30T00:00:00",
"db": "BID",
"id": "91524"
},
{
"date": "2016-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003453"
},
{
"date": "2016-07-03T14:59:06.727000",
"db": "NVD",
"id": "CVE-2016-4509"
},
{
"date": "2016-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-672"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-16-408"
},
{
"date": "2016-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04476"
},
{
"date": "2016-07-08T23:00:00",
"db": "BID",
"id": "91524"
},
{
"date": "2016-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003453"
},
{
"date": "2016-11-28T20:18:29.853000",
"db": "NVD",
"id": "CVE-2016-4509"
},
{
"date": "2016-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-672"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-672"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eaton ELCSoft of elcsoft.exe Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003453"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-672"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…