Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10594

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.

Published

2018-06-26T20:29:00.227

Last Modified

2024-11-21T03:41:37.600

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-121
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application deltaww commgr ≤ 1.08 Yes
Hardware deltaww dvpsimulator_ahsim_5x0 - No
Hardware deltaww dvpsimulator_ahsim_5x1 - No
Hardware deltaww dvpsimulator_eh2 - No
Hardware deltaww dvpsimulator_es2 - No
Hardware deltaww dvpsimulator_h3 - No
Hardware deltaww dvpsimulator_se - No
Hardware deltaww dvpsimulator_ss2 - No
References