9.8
CVE-2018-10594
- EPSS 78.24%
- Published 26.06.2018 20:29:00
- Last modified 21.11.2024 03:41:37
- Source ics-cert@hq.dhs.gov
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
Data provided by the National Vulnerability Database (NVD)
Deltaww ≫ Commgr Version <= 1.08
Deltaww ≫ Dvpsimulator Ahsim 5x0 Version-
Deltaww ≫ Dvpsimulator Ahsim 5x1 Version-
Deltaww ≫ Dvpsimulator Eh2 Version-
Deltaww ≫ Dvpsimulator Es2 Version-
Deltaww ≫ Dvpsimulator H3 Version-
Deltaww ≫ Dvpsimulator Se Version-
Deltaww ≫ Dvpsimulator Ss2 Version-
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 78.24% | 0.99 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).