VAR-201803-0130
Vulnerability from variot - Updated: 2023-12-18 12:19An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write outside the intended buffer area. An attacker could exploit this vulnerability to execute arbitrary code (over boundary writes) with a specially crafted .dpb file. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities 3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "delta industrial automation screen editor",
"scope": "lte",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.00.23.00"
},
{
"model": "industrial automation screen editor",
"scope": "lte",
"trust": 0.8,
"vendor": "delta",
"version": "2.00.23.00"
},
{
"model": "electronics delta industrial automation screen editor",
"scope": "lte",
"trust": 0.6,
"vendor": "delta",
"version": "\u003c=2.00.23.00"
},
{
"model": "delta industrial automation screen editor",
"scope": "eq",
"trust": 0.6,
"vendor": "deltaww",
"version": "2.00.23.00"
},
{
"model": "electronics inc delta industrial automation screen editor",
"scope": "eq",
"trust": 0.3,
"vendor": "delta",
"version": "2.00.23.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "delta industrial automation screen editor",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00879"
},
{
"db": "BID",
"id": "102426"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012941"
},
{
"db": "NVD",
"id": "CVE-2017-16747"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:deltaww:delta_industrial_automation_screen_editor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.00.23.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16747"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley.",
"sources": [
{
"db": "BID",
"id": "102426"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
],
"trust": 0.9
},
"cve": "CVE-2017-16747",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16747",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-00879",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-16747",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16747",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-00879",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-248",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00879"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012941"
},
{
"db": "NVD",
"id": "CVE-2017-16747"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write outside the intended buffer area. An attacker could exploit this vulnerability to execute arbitrary code (over boundary writes) with a specially crafted .dpb file. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple denial-of-service vulnerabilities\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16747"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012941"
},
{
"db": "CNVD",
"id": "CNVD-2018-00879"
},
{
"db": "BID",
"id": "102426"
},
{
"db": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16747",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-004-01",
"trust": 3.3
},
{
"db": "BID",
"id": "102426",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2018-00879",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-248",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012941",
"trust": 0.8
},
{
"db": "IVD",
"id": "E300C49F-39AB-11E9-BA92-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00879"
},
{
"db": "BID",
"id": "102426"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012941"
},
{
"db": "NVD",
"id": "CVE-2017-16747"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
]
},
"id": "VAR-201803-0130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00879"
}
],
"trust": 1.7000000000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00879"
}
]
},
"last_update_date": "2023-12-18T12:19:05.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.deltaww.com/"
},
{
"title": "Delta Industrial Automation Screen Editor patch for arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113353"
},
{
"title": "Delta Industrial Automation Screen Editor Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77559"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00879"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012941"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012941"
},
{
"db": "NVD",
"id": "CVE-2017-16747"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/102426"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16747"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16747"
},
{
"trust": 0.3,
"url": "http://www.deltaww.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00879"
},
{
"db": "BID",
"id": "102426"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012941"
},
{
"db": "NVD",
"id": "CVE-2017-16747"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00879"
},
{
"db": "BID",
"id": "102426"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012941"
},
{
"db": "NVD",
"id": "CVE-2017-16747"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1"
},
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00879"
},
{
"date": "2018-01-04T00:00:00",
"db": "BID",
"id": "102426"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012941"
},
{
"date": "2018-03-15T23:29:00.313000",
"db": "NVD",
"id": "CVE-2017-16747"
},
{
"date": "2018-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00879"
},
{
"date": "2018-01-04T00:00:00",
"db": "BID",
"id": "102426"
},
{
"date": "2018-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012941"
},
{
"date": "2019-10-09T23:25:17.020000",
"db": "NVD",
"id": "CVE-2017-16747"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Industrial Automation Screen Editor Arbitrary code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-00879"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e300c49f-39ab-11e9-ba92-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-248"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…