CyberSec.Space Logo
Back to CVE Browser

CVE-2018-10594

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile0.79th
PublishedJun 26, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.

Affected Platforms (CPE)

πŸ“¦
Deltaww

Commgr

<= 1.08

References & Advisories

πŸ”— http://www.securityfocus.com/bid/104529
πŸ”— https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01
πŸ”— https://www.exploit-db.com/exploits/44965/
πŸ”— https://www.exploit-db.com/exploits/45574/
πŸ”— http://www.securityfocus.com/bid/104529
πŸ”— https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01
πŸ”— https://www.exploit-db.com/exploits/44965/
πŸ”— https://www.exploit-db.com/exploits/45574/

Related Vulnerabilities

CVE-2021-274809.8

Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an att...

CVE-2018-403110.0

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the w...

CVE-2018-2126810.0

The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. Thi...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...