var-201805-1140
Vulnerability from variot

WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft and Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user was not properly verified. WPLSoft (Delta PLC programming software) is a PLC program programming software used by Delta Electronics in the WINDOWS operating system environment. Delta Electronics WPLSoft has a stack buffer overflow vulnerability. The application uses a fixed-length heap buffer. Execute or cause the application to crash. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1140",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wplsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "2.45.0"
      },
      {
        "model": "wplsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "2.45.0"
      },
      {
        "model": "wplsoft",
        "scope": null,
        "trust": 0.7,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "model": "industrial automation wplsoft",
        "scope": null,
        "trust": 0.6,
        "vendor": "delta",
        "version": null
      },
      {
        "model": "electronics wplsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=2.45.0"
      },
      {
        "model": "wplsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "deltaww",
        "version": "2.45.0"
      },
      {
        "model": "industrial automation wplsoft",
        "scope": "eq",
        "trust": 0.4,
        "vendor": "delta",
        "version": "*"
      },
      {
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.45.0"
      },
      {
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.42.11"
      },
      {
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.0"
      },
      {
        "model": "electronics inc wplsoft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.46.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wplsoft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:deltaww:wplsoft:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.45.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "axt",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2018-7494",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-7494",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7494",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22817",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-03767",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-7494",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-7494",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2018-7494",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22817",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-03767",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-767",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft and Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user was not properly verified. WPLSoft (Delta PLC programming software) is a PLC program programming software used by Delta Electronics in the WINDOWS operating system environment. Delta Electronics WPLSoft has a stack buffer overflow vulnerability. The application uses a fixed-length heap buffer. Execute or cause the application to crash. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      }
    ],
    "trust": 4.14
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7494",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-058-02",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "103179",
        "trust": 1.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3917",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E3004F6F-39AB-11E9-B569-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "117014C0-B059-4EDE-9515-DAF57AE2FDF1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E2FFB331-39AB-11E9-9C2E-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ]
  },
  "id": "VAR-201805-1140",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      }
    ],
    "trust": 2.716666666666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:56:57.874000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability.        This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.02/01/17 - ZDI disclosed reports to ICS-CERT02/07/17 - ICS-CERT provided ZDI with an ICS-VU # ICS-VU-97456803/16/17 - ICS-CERT asked ZDI questions about reproduction03/27/17 - ICS-CERT asked ZDI again some questions about reproduction06/07/17 - ICS-CERT offered ZDI a pre-release patch to test06/07/17 - ZDI replied that we cannot do the testing for the vendor07/20/17 - ZDI sent a mail to ICS-CERT asking the status07/26/17 - ICS-CERT advised that the vendor has a new version they believe addressed the reports (though to ZDI knowledge, no advisory was released)08/02/17 - ZDI advised ICS-CERT that our finder indicated that the vulnerabilities are still present08/11/17 - ZDI wrote ICS-CERT to indicate the intention to move these reports to 0-day on 8/24-- Mitigation:Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
      },
      {
        "title": "Delta Industrial Automation WPLSoft Stack Buffer Overflow Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/143669"
      },
      {
        "title": "Patch for Delta Electronics WPLSoft Stack Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/119167"
      },
      {
        "title": "Delta Electronics WPLSoft Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79353"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/103179"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7494"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7494"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-698/"
      },
      {
        "trust": 0.3,
        "url": "http://www.deltaww.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-02-28T00:00:00",
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "date": "2018-02-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103179"
      },
      {
        "date": "2018-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "date": "2018-05-04T19:29:00.237000",
        "db": "NVD",
        "id": "CVE-2018-7494"
      },
      {
        "date": "2018-03-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103179"
      },
      {
        "date": "2018-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "date": "2019-10-09T23:42:19.160000",
        "db": "NVD",
        "id": "CVE-2018-7494"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Electronics WPLSoft Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ],
    "trust": 0.8
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.