VAR-201803-2206
Vulnerability from variot - Updated: 2023-12-18 13:13

In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. Eaton ELCSoft contains buffer error vulnerabilities and input validation vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Eaton ELCSoft is programmable logic control software that runs on a PC to help configure the ELC controller. There are arbitrary code execution vulnerabilities in Eaton ELCSoft 2.04.02 and earlier. Eaton ELCSoft Programming Software is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploits will result in a denial-of-service condition. Eaton ELCSoft versions 2.04.02 and prior are vulnerable.

Reading the record below: the NVD CVSS v3.0 vector is AV:L/UI:R (local vector, user interaction required, presumably opening the crafted file), while the CVSS v2 vectors rate the issue AV:N, so the "remote" wording above should be weighed against the v3 vector. The CPE configuration uses versionEndExcluding 2.04.02, which does not match the "2.04.02 and prior" wording; check the vendor security update listed under "patch" for the fixed version.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2206",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "elcsoft",
"scope": "lt",
"trust": 1.0,
"vendor": "eaton",
"version": "2.04.02"
},
{
"model": "elcsoft",
"scope": "eq",
"trust": 0.9,
"vendor": "eaton",
"version": "2.4.01"
},
{
"model": "elcsoft",
"scope": "lte",
"trust": 0.8,
"vendor": "eaton",
"version": "\u003c=2.04.02"
},
{
"model": "elcsoft",
"scope": "lte",
"trust": 0.8,
"vendor": "eaton",
"version": "2.04.02"
},
{
"model": "elcsoft",
"scope": "eq",
"trust": 0.3,
"vendor": "eaton",
"version": "2.4.2"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04779"
},
{
"db": "BID",
"id": "103301"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003319"
},
{
"db": "NVD",
"id": "CVE-2018-7511"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-709"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eaton:elcsoft:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.04.02",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7511"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya) and axt working with Trend Micro\u0027s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "103301"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7511",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7511",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-04779",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7511",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7511",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-04779",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-709",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04779"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003319"
},
{
"db": "NVD",
"id": "CVE-2018-7511"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-709"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. Eaton ELCSoft Contains buffer error vulnerabilities and input validation vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Eaton ELCSoft is a programmable logic control software that runs on a PC to help configure the ELC controller. There are arbitrary code execution vulnerabilities in Eaton ELCSoft 2.04.02 and earlier. Eaton ELCSoft Programming Software is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploits will result in denial-of-service condition. \nEaton ELCSoft Versions 2.04.02 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7511"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003319"
},
{
"db": "CNVD",
"id": "CNVD-2018-04779"
},
{
"db": "BID",
"id": "103301"
},
{
"db": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7511",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-065-03",
"trust": 3.3
},
{
"db": "BID",
"id": "103301",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-04779",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-709",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003319",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E54D61-39AB-11E9-86D3-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04779"
},
{
"db": "BID",
"id": "103301"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003319"
},
{
"db": "NVD",
"id": "CVE-2018-7511"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-709"
}
]
},
"id": "VAR-201803-2206",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04779"
}
],
"trust": 0.9509971500000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04779"
}
]
},
"last_update_date": "2023-12-18T13:13:55.942000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Update for ELCSoft Programming Software",
"trust": 0.8,
"url": "http://www.eaton.com/ecm/idcplg?idcservice=get_file\u0026allowinterrupt=1\u0026revisionselectionmethod=latestreleased\u0026nosaveas=0\u0026rendition=primary\u0026ddocname=pct_3313148"
},
{
"title": "Patch of Eaton ELCSoft arbitrary code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/120823"
},
{
"title": "Eaton ELCSoft Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79310"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04779"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003319"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-709"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003319"
},
{
"db": "NVD",
"id": "CVE-2018-7511"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-065-03"
},
{
"trust": 1.6,
"url": "http://www.eaton.com/ecm/idcplg?idcservice=get_file\u0026allowinterrupt=1\u0026revisionselectionmethod=latestreleased\u0026nosaveas=0\u0026rendition=primary\u0026ddocname=pct_3313148"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/103301"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7511"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7511"
},
{
"trust": 0.3,
"url": "http://www.eaton.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04779"
},
{
"db": "BID",
"id": "103301"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003319"
},
{
"db": "NVD",
"id": "CVE-2018-7511"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-709"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04779"
},
{
"db": "BID",
"id": "103301"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003319"
},
{
"db": "NVD",
"id": "CVE-2018-7511"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-709"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1"
},
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04779"
},
{
"date": "2018-03-06T00:00:00",
"db": "BID",
"id": "103301"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003319"
},
{
"date": "2018-03-20T16:29:00.483000",
"db": "NVD",
"id": "CVE-2018-7511"
},
{
"date": "2018-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-709"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04779"
},
{
"date": "2018-03-06T00:00:00",
"db": "BID",
"id": "103301"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003319"
},
{
"date": "2019-10-09T23:42:21.160000",
"db": "NVD",
"id": "CVE-2018-7511"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-709"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-709"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eaton ELCSoft Arbitrary code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04779"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "e2e54d61-39ab-11e9-86d3-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-709"
}
],
"trust": 0.8
}
}