CVE-2018-17929 - In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buff

CVE-2018-17929

Summary

In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code.

References

Vulnerable Configurations

cpe:2.3:a:deltaww:tpeditor:1.89:*:*:*:*:*:*:.
cpe:2.3:a:deltaww:tpeditor:1.89:*:*:*:*:*:*:.
cpe:2.3:a:deltaww:tpeditor:1.90:*:*:*:*:*:*:*
cpe:2.3:a:deltaww:tpeditor:1.90:*:*:*:*:*:*:*
cpe:2.3:a:deltaww:tpeditor:1.90:*:*:*:*:*:*:.
cpe:2.3:a:deltaww:tpeditor:1.90:*:*:*:*:*:*:.

CVSS

Base:	6.8 (as of 18-09-2020 - 16:16)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	105682
misc	https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03

Last major update

18-09-2020 - 16:16

Published

11-10-2018 - 22:29

Last modified

18-09-2020 - 16:16