var-201702-0423
Vulnerability from variot
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of data from a LAD file. A crafted length element can trigger an overflow of a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0423",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wplsoft",
"scope": null,
"trust": 6.3,
"vendor": "delta industrial automation",
"version": null
},
{
"model": "ispsoft",
"scope": null,
"trust": 2.1,
"vendor": "delta industrial automation",
"version": null
},
{
"model": "ispsoft",
"scope": "eq",
"trust": 1.6,
"vendor": "delta",
"version": null
},
{
"model": "pmsoft",
"scope": "eq",
"trust": 1.6,
"vendor": "delta",
"version": null
},
{
"model": "wplsoft",
"scope": "eq",
"trust": 1.6,
"vendor": "delta",
"version": null
},
{
"model": "electronics inc ispsoft",
"scope": "eq",
"trust": 0.9,
"vendor": "delta",
"version": "3.0"
},
{
"model": "electronics inc pmsoft",
"scope": "eq",
"trust": 0.9,
"vendor": "delta",
"version": "2.0"
},
{
"model": "electronics inc wplsoft",
"scope": "eq",
"trust": 0.9,
"vendor": "delta",
"version": "2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ispsoft",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pmsoft",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wplsoft",
"version": null
},
{
"model": "electronics inc wplsoft",
"scope": "ne",
"trust": 0.3,
"vendor": "delta",
"version": "2.42.11"
},
{
"model": "electronics inc pmsoft",
"scope": "ne",
"trust": 0.3,
"vendor": "delta",
"version": "2.10.10"
},
{
"model": "electronics inc ispsoft",
"scope": "ne",
"trust": 0.3,
"vendor": "delta",
"version": "3.02.11"
}
],
"sources": [
{
"db": "IVD",
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
},
{
"db": "IVD",
"id": "e300285f-39ab-11e9-9115-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-16-661"
},
{
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"db": "ZDI",
"id": "ZDI-16-653"
},
{
"db": "ZDI",
"id": "ZDI-16-659"
},
{
"db": "ZDI",
"id": "ZDI-16-649"
},
{
"db": "ZDI",
"id": "ZDI-16-651"
},
{
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"db": "ZDI",
"id": "ZDI-16-650"
},
{
"db": "ZDI",
"id": "ZDI-16-654"
},
{
"db": "ZDI",
"id": "ZDI-16-658"
},
{
"db": "ZDI",
"id": "ZDI-16-662"
},
{
"db": "ZDI",
"id": "ZDI-16-657"
},
{
"db": "CNVD",
"id": "CNVD-2016-12683"
},
{
"db": "BID",
"id": "94887"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-509"
},
{
"db": "NVD",
"id": "CVE-2016-5805"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:delta_electronics:pmsoft:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:delta_electronics:ispsoft:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:delta_electronics:wplsoft:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5805"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "axt",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-661"
},
{
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"db": "ZDI",
"id": "ZDI-16-653"
},
{
"db": "ZDI",
"id": "ZDI-16-659"
},
{
"db": "ZDI",
"id": "ZDI-16-649"
},
{
"db": "ZDI",
"id": "ZDI-16-651"
},
{
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"db": "ZDI",
"id": "ZDI-16-650"
},
{
"db": "ZDI",
"id": "ZDI-16-654"
},
{
"db": "ZDI",
"id": "ZDI-16-658"
},
{
"db": "ZDI",
"id": "ZDI-16-662"
},
{
"db": "ZDI",
"id": "ZDI-16-657"
}
],
"trust": 8.4
},
"cve": "CVE-2016-5805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-5805",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 7.0,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5805",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2016-5805",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12683",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e300285f-39ab-11e9-9115-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-94624",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2016-5805",
"trust": 7.7,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-5805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2016-5805",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-12683",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-509",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e300285f-39ab-11e9-9115-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94624",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
},
{
"db": "IVD",
"id": "e300285f-39ab-11e9-9115-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-16-661"
},
{
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"db": "ZDI",
"id": "ZDI-16-653"
},
{
"db": "ZDI",
"id": "ZDI-16-659"
},
{
"db": "ZDI",
"id": "ZDI-16-649"
},
{
"db": "ZDI",
"id": "ZDI-16-651"
},
{
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"db": "ZDI",
"id": "ZDI-16-650"
},
{
"db": "ZDI",
"id": "ZDI-16-654"
},
{
"db": "ZDI",
"id": "ZDI-16-658"
},
{
"db": "ZDI",
"id": "ZDI-16-662"
},
{
"db": "ZDI",
"id": "ZDI-16-657"
},
{
"db": "CNVD",
"id": "CNVD-2016-12683"
},
{
"db": "VULHUB",
"id": "VHN-94624"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-509"
},
{
"db": "NVD",
"id": "CVE-2016-5805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of data from a LAD file. A crafted length element can trigger an overflow of a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5805"
},
{
"db": "ZDI",
"id": "ZDI-16-651"
},
{
"db": "ZDI",
"id": "ZDI-16-657"
},
{
"db": "ZDI",
"id": "ZDI-16-662"
},
{
"db": "ZDI",
"id": "ZDI-16-658"
},
{
"db": "ZDI",
"id": "ZDI-16-654"
},
{
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"db": "ZDI",
"id": "ZDI-16-650"
},
{
"db": "ZDI",
"id": "ZDI-16-649"
},
{
"db": "ZDI",
"id": "ZDI-16-659"
},
{
"db": "ZDI",
"id": "ZDI-16-653"
},
{
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"db": "ZDI",
"id": "ZDI-16-661"
},
{
"db": "CNVD",
"id": "CNVD-2016-12683"
},
{
"db": "BID",
"id": "94887"
},
{
"db": "IVD",
"id": "e300285f-39ab-11e9-9115-000c29342cb1"
},
{
"db": "IVD",
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
},
{
"db": "VULHUB",
"id": "VHN-94624"
}
],
"trust": 9.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5805",
"trust": 11.4
},
{
"db": "BID",
"id": "94887",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-348-03",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201612-509",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2016-12683",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3915",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-661",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3865",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-648",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3930",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-653",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3916",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-659",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3859",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-649",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3909",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-651",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3911",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-656",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3860",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-650",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3931",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-654",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3913",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-658",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4016",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-662",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3912",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-657",
"trust": 0.7
},
{
"db": "IVD",
"id": "C1B2C178-9E7C-41AD-B334-53F292B6A7F0",
"trust": 0.2
},
{
"db": "IVD",
"id": "E300285F-39AB-11E9-9115-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-94624",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
},
{
"db": "IVD",
"id": "e300285f-39ab-11e9-9115-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-16-661"
},
{
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"db": "ZDI",
"id": "ZDI-16-653"
},
{
"db": "ZDI",
"id": "ZDI-16-659"
},
{
"db": "ZDI",
"id": "ZDI-16-649"
},
{
"db": "ZDI",
"id": "ZDI-16-651"
},
{
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"db": "ZDI",
"id": "ZDI-16-650"
},
{
"db": "ZDI",
"id": "ZDI-16-654"
},
{
"db": "ZDI",
"id": "ZDI-16-658"
},
{
"db": "ZDI",
"id": "ZDI-16-662"
},
{
"db": "ZDI",
"id": "ZDI-16-657"
},
{
"db": "CNVD",
"id": "CNVD-2016-12683"
},
{
"db": "VULHUB",
"id": "VHN-94624"
},
{
"db": "BID",
"id": "94887"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-509"
},
{
"db": "NVD",
"id": "CVE-2016-5805"
}
]
},
"id": "VAR-201702-0423",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
},
{
"db": "IVD",
"id": "e300285f-39ab-11e9-9115-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2016-12683"
},
{
"db": "VULHUB",
"id": "VHN-94624"
}
],
"trust": 1.7291666650000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
},
{
"db": "IVD",
"id": "e300285f-39ab-11e9-9115-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2016-12683"
}
]
},
"last_update_date": "2024-07-23T22:40:53.160000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
"trust": 8.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-03"
},
{
"title": "Patches for Multiple Delta Electronics Product Heap Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/86302"
},
{
"title": "Multiple Delta Electronics Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66543"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-661"
},
{
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"db": "ZDI",
"id": "ZDI-16-653"
},
{
"db": "ZDI",
"id": "ZDI-16-659"
},
{
"db": "ZDI",
"id": "ZDI-16-649"
},
{
"db": "ZDI",
"id": "ZDI-16-651"
},
{
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"db": "ZDI",
"id": "ZDI-16-650"
},
{
"db": "ZDI",
"id": "ZDI-16-654"
},
{
"db": "ZDI",
"id": "ZDI-16-658"
},
{
"db": "ZDI",
"id": "ZDI-16-662"
},
{
"db": "ZDI",
"id": "ZDI-16-657"
},
{
"db": "CNVD",
"id": "CNVD-2016-12683"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-509"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94624"
},
{
"db": "NVD",
"id": "CVE-2016-5805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 10.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94887"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-03#footnotea_6tkr584"
},
{
"trust": 0.3,
"url": "http://www.deltaww.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-661"
},
{
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"db": "ZDI",
"id": "ZDI-16-653"
},
{
"db": "ZDI",
"id": "ZDI-16-659"
},
{
"db": "ZDI",
"id": "ZDI-16-649"
},
{
"db": "ZDI",
"id": "ZDI-16-651"
},
{
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"db": "ZDI",
"id": "ZDI-16-650"
},
{
"db": "ZDI",
"id": "ZDI-16-654"
},
{
"db": "ZDI",
"id": "ZDI-16-658"
},
{
"db": "ZDI",
"id": "ZDI-16-662"
},
{
"db": "ZDI",
"id": "ZDI-16-657"
},
{
"db": "CNVD",
"id": "CNVD-2016-12683"
},
{
"db": "VULHUB",
"id": "VHN-94624"
},
{
"db": "BID",
"id": "94887"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-509"
},
{
"db": "NVD",
"id": "CVE-2016-5805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
},
{
"db": "IVD",
"id": "e300285f-39ab-11e9-9115-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-16-661"
},
{
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"db": "ZDI",
"id": "ZDI-16-653"
},
{
"db": "ZDI",
"id": "ZDI-16-659"
},
{
"db": "ZDI",
"id": "ZDI-16-649"
},
{
"db": "ZDI",
"id": "ZDI-16-651"
},
{
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"db": "ZDI",
"id": "ZDI-16-650"
},
{
"db": "ZDI",
"id": "ZDI-16-654"
},
{
"db": "ZDI",
"id": "ZDI-16-658"
},
{
"db": "ZDI",
"id": "ZDI-16-662"
},
{
"db": "ZDI",
"id": "ZDI-16-657"
},
{
"db": "CNVD",
"id": "CNVD-2016-12683"
},
{
"db": "VULHUB",
"id": "VHN-94624"
},
{
"db": "BID",
"id": "94887"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-509"
},
{
"db": "NVD",
"id": "CVE-2016-5805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-21T00:00:00",
"db": "IVD",
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
},
{
"date": "2016-12-21T00:00:00",
"db": "IVD",
"id": "e300285f-39ab-11e9-9115-000c29342cb1"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-661"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-653"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-659"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-649"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-651"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-650"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-654"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-658"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-662"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-657"
},
{
"date": "2016-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12683"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-94624"
},
{
"date": "2016-12-14T00:00:00",
"db": "BID",
"id": "94887"
},
{
"date": "2016-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-509"
},
{
"date": "2017-02-13T21:59:00.393000",
"db": "NVD",
"id": "CVE-2016-5805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-661"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-653"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-659"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-649"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-651"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-650"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-654"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-658"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-662"
},
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-657"
},
{
"date": "2018-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12683"
},
{
"date": "2017-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-94624"
},
{
"date": "2016-12-20T01:09:00",
"db": "BID",
"id": "94887"
},
{
"date": "2016-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-509"
},
{
"date": "2017-03-14T19:01:27.053000",
"db": "NVD",
"id": "CVE-2016-5805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-509"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Industrial Automation WPLSoft DVP File Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-648"
},
{
"db": "ZDI",
"id": "ZDI-16-656"
},
{
"db": "ZDI",
"id": "ZDI-16-657"
}
],
"trust": 2.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
},
{
"db": "IVD",
"id": "e300285f-39ab-11e9-9115-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-509"
}
],
"trust": 1.0
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.