Vulnerabilities related to deltaww - wplsoft
var-201805-1148
Vulnerability from variot

WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. Delta Electronics WPLSoft contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of .dvp files. Crafted data in a .dvp file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. WPLSoft and PMSoft are Delta's PLC programming software. Delta Electronics WPLSoft is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability; 2. A heap-based buffer-overflow vulnerability; 3. (no text for the third item appears in this record). Delta Industrial WPLSoft version 2.45.0 and prior versions are vulnerable.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "wplsoft",
        "scope": null,
        "trust": 2.1,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "_id": null,
        "model": "industrial automation wplsoft",
        "scope": null,
        "trust": 1.8,
        "vendor": "delta",
        "version": null
      },
      {
        "_id": null,
        "model": "industrial automation wplsoft",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "delta",
        "version": "*"
      },
      {
        "_id": null,
        "model": "wplsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "wplsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "electronics wplsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=2.45.0"
      },
      {
        "_id": null,
        "model": "wplsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "deltaww",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.42.11"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.46.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wplsoft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:delta_electronics:wplsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "axt",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      }
    ],
    "trust": 2.1
  },
  "cve": "CVE-2018-7509",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7509",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 2.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-7509",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22819",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22816",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-03766",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22820",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-7509",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2018-7509",
            "trust": 2.1,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7509",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7509",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22819",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22816",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-03766",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22820",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-769",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. Delta Electronics WPLSoft contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of .dvp files. Crafted data in a .dvp file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. WPLSoft and PMSoft are Delta\u0027s PLC programming software. Delta Electronics WPLSoft is prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3. \nDelta Industrial WPLSoft  Version 2.45.0 and prior versions are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      }
    ],
    "trust": 7.2
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7509",
        "trust": 5.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-058-02",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "103179",
        "trust": 1.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701",
        "trust": 1.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700",
        "trust": 1.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4435",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4428",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4438",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E2FF16F1-39AB-11E9-9E8D-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "BD88BEF6-A734-4AB3-B708-493E5939C42C",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "9B0290FD-5208-4C4D-BE64-9B123C16F26E",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "C3D16B7A-9F9A-4E2C-B16B-7A6BBE22E631",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E300014F-39AB-11E9-AE3C-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E2FF8C23-39AB-11E9-A10F-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E2FFDA40-39AB-11E9-ACED-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      }
    ]
  },
  "id": "VAR-201805-1148",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      }
    ],
    "trust": 4.716666666666667
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 3.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:53:07.271000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability. This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline. 02/01/17 - ZDI disclosed reports to ICS-CERT; 02/07/17 - ICS-CERT provided ZDI with an ICS-VU # ICS-VU-974568; 03/16/17 - ICS-CERT asked ZDI questions about reproduction; 03/27/17 - ICS-CERT asked ZDI again some questions about reproduction; 06/07/17 - ICS-CERT offered ZDI a pre-release patch to test; 06/07/17 - ZDI replied that we cannot do the testing for the vendor; 07/20/17 - ZDI sent a mail to ICS-CERT asking the status; 07/26/17 - ICS-CERT advised that the vendor has a new version they believe addressed the reports (though to ZDI knowledge, no advisory was released); 08/02/17 - ZDI advised ICS-CERT that our finder indicated that the vulnerabilities are still present; 08/11/17 - ZDI wrote ICS-CERT to indicate the intention to move these reports to 0-day on 8/24. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application to trusted files.",
        "trust": 2.1,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Delta Industrial Automation WPLSoft dvp file border write vulnerability (CNVD-2017-228198) patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/143673"
      },
      {
        "title": "Patch for Delta Industrial Automation WPLSoft dvp File Buffer Buffer Overflow Vulnerability (CNVD-2017-228165)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/143667"
      },
      {
        "title": "Delta Electronics WPLSoft cross-border write vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/119163"
      },
      {
        "title": "Delta Industrial Automation WPLSoft dvp file cross-boundary write vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/143675"
      },
      {
        "title": "Delta Electronics WPLSoft Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79355"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 5.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/103179"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7509"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7509"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-700/"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-697/"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-701/"
      },
      {
        "trust": 0.3,
        "url": "http://www.deltaww.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820",
        "ident": null
      },
      {
        "db": "BID",
        "id": "103179",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-02-28T00:00:00",
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-701",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-700",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-697",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22819",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22816",
        "ident": null
      },
      {
        "date": "2018-02-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-03766",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22820",
        "ident": null
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103179",
        "ident": null
      },
      {
        "date": "2018-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004572",
        "ident": null
      },
      {
        "date": "2018-03-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-769",
        "ident": null
      },
      {
        "date": "2018-05-04T19:29:00.360000",
        "db": "NVD",
        "id": "CVE-2018-7509",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-701",
        "ident": null
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-700",
        "ident": null
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-697",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22819",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22816",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-03766",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22820",
        "ident": null
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103179",
        "ident": null
      },
      {
        "date": "2018-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004572",
        "ident": null
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-769",
        "ident": null
      },
      {
        "date": "2024-11-21T04:12:16.097000",
        "db": "NVD",
        "id": "CVE-2018-7509",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "_id": null,
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      }
    ],
    "trust": 0.8
  }
}

var-201805-1140
Vulnerability from variot

WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft and Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is an industrial automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user was not properly verified. WPLSoft (Delta PLC programming software) is PLC programming software used by Delta Electronics in the Windows operating system environment. Delta Electronics WPLSoft has a stack buffer overflow vulnerability. The application uses a fixed-length heap buffer. Execute or cause the application to crash. 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. (entry truncated in the aggregated source)



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1140",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wplsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "2.45.0"
      },
      {
        "model": "wplsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "2.45.0"
      },
      {
        "model": "wplsoft",
        "scope": null,
        "trust": 0.7,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "model": "industrial automation wplsoft",
        "scope": null,
        "trust": 0.6,
        "vendor": "delta",
        "version": null
      },
      {
        "model": "electronics wplsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=2.45.0"
      },
      {
        "model": "wplsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "deltaww",
        "version": "2.45.0"
      },
      {
        "model": "industrial automation wplsoft",
        "scope": "eq",
        "trust": 0.4,
        "vendor": "delta",
        "version": "*"
      },
      {
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.45.0"
      },
      {
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.42.11"
      },
      {
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.0"
      },
      {
        "model": "electronics inc wplsoft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.46.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wplsoft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:delta_electronics:wplsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "axt",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2018-7494",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-7494",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7494",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22817",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-03767",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-7494",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7494",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7494",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2018-7494",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22817",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-03767",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-767",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft and Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is an industrial automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user was not properly verified. WPLSoft (Delta PLC programming software) is PLC programming software used by Delta Electronics in the Windows operating system environment. Delta Electronics WPLSoft has a stack buffer overflow vulnerability. The application uses a fixed-length heap buffer. Execute or cause the application to crash. 1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3. (entry truncated in the aggregated source)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      }
    ],
    "trust": 4.14
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7494",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-058-02",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "103179",
        "trust": 1.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3917",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E3004F6F-39AB-11E9-B569-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "117014C0-B059-4EDE-9515-DAF57AE2FDF1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E2FFB331-39AB-11E9-9C2E-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      }
    ]
  },
  "id": "VAR-201805-1140",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      }
    ],
    "trust": 2.716666666666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:53:07.116000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability. This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline. 02/01/17 - ZDI disclosed reports to ICS-CERT; 02/07/17 - ICS-CERT provided ZDI with an ICS-VU # ICS-VU-974568; 03/16/17 - ICS-CERT asked ZDI questions about reproduction; 03/27/17 - ICS-CERT asked ZDI again some questions about reproduction; 06/07/17 - ICS-CERT offered ZDI a pre-release patch to test; 06/07/17 - ZDI replied that we cannot do the testing for the vendor; 07/20/17 - ZDI sent a mail to ICS-CERT asking the status; 07/26/17 - ICS-CERT advised that the vendor has a new version they believe addressed the reports (though to ZDI knowledge, no advisory was released); 08/02/17 - ZDI advised ICS-CERT that our finder indicated that the vulnerabilities are still present; 08/11/17 - ZDI wrote ICS-CERT to indicate the intention to move these reports to 0-day on 8/24. Mitigation: Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
      },
      {
        "title": "Delta Industrial Automation WPLSoft Stack Buffer Overflow Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/143669"
      },
      {
        "title": "Patch for Delta Electronics WPLSoft Stack Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/119167"
      },
      {
        "title": "Delta Electronics WPLSoft Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79353"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/103179"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7494"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7494"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-698/"
      },
      {
        "trust": 0.3,
        "url": "http://www.deltaww.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7494"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-02-28T00:00:00",
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "date": "2018-02-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103179"
      },
      {
        "date": "2018-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "date": "2018-03-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      },
      {
        "date": "2018-05-04T19:29:00.237000",
        "db": "NVD",
        "id": "CVE-2018-7494"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-698"
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22817"
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-03767"
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103179"
      },
      {
        "date": "2018-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      },
      {
        "date": "2024-11-21T04:12:14.513000",
        "db": "NVD",
        "id": "CVE-2018-7494"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Electronics WPLSoft Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-767"
      }
    ],
    "trust": 0.8
  }
}

var-201805-1147
Vulnerability from variot

WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of dvp files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is an industrial automation vendor of power management and cooling solutions worldwide. The length of the data provided by the user is not verified. WPLSoft (Delta PLC programming software) is PLC programming software used by Delta Electronics in the Windows operating system environment. Delta Electronics WPLSoft has a heap buffer overflow vulnerability, which may lead to code execution or cause the application to crash. Listed issues: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. [entry blank in the source record]. Delta Industrial WPLSoft version 2.45.0 and prior versions are vulnerable.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "wplsoft",
        "scope": null,
        "trust": 3.5,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "_id": null,
        "model": "industrial automation wplsoft",
        "scope": null,
        "trust": 1.2,
        "vendor": "delta",
        "version": null
      },
      {
        "_id": null,
        "model": "wplsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "electronics wplsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "\u003c=2.45.0"
      },
      {
        "_id": null,
        "model": "industrial automation wplsoft",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "delta",
        "version": "*"
      },
      {
        "_id": null,
        "model": "wplsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "wplsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "deltaww",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.42.11"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.46.0"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
      },
      {
        "db": "IVD",
        "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
      },
      {
        "db": "IVD",
        "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-705"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-703"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-704"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-699"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-702"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03768"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004571"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-768"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7507"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:delta_electronics:wplsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004571"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "axt",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-705"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-703"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-704"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-699"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-702"
      }
    ],
    "trust": 3.5
  },
  "cve": "CVE-2018-7507",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-7507",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 3.3,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7507",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 1.4,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2018-7507",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22821",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-22824",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-03768",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e3000150-39ab-11e9-9ca4-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "e300285e-39ab-11e9-83a1-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-7507",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2018-7507",
            "trust": 2.1,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2018-7507",
            "trust": 1.4,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7507",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7507",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22821",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22824",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-03768",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-768",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e3000150-39ab-11e9-9ca4-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "e300285e-39ab-11e9-83a1-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-7507",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
      },
      {
        "db": "IVD",
        "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
      },
      {
        "db": "IVD",
        "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-705"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-703"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-704"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-699"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-702"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03768"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004571"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-768"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7507"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of dvp files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is an industrial automation vendor of power management and cooling solutions worldwide. The length of the data provided by the user is not verified. WPLSoft (Delta PLC programming software) is PLC programming software used by Delta Electronics in the Windows operating system environment. Delta Electronics WPLSoft has a heap buffer overflow vulnerability, which may lead to code execution or cause the application to crash. Listed issues:\n1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3. [entry blank in the source record]\nDelta Industrial WPLSoft version 2.45.0 and prior versions are vulnerable.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004571"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-703"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-702"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-704"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-699"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-705"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03768"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "IVD",
        "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
      },
      {
        "db": "IVD",
        "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
      },
      {
        "db": "IVD",
        "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7507"
      }
    ],
    "trust": 7.65
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7507",
        "trust": 7.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-058-02",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "103179",
        "trust": 2.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-705",
        "trust": 1.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-702",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22821",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22824",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03768",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-768",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004571",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4442",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4436",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-703",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4441",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-704",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4439",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-699",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4440",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E3004F6E-39AB-11E9-A5A2-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E3000150-39AB-11E9-9CA4-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E4E1F909-5D49-466D-AC98-CDBBB329C50D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E8DD53BE-8850-484E-AB8A-BC308C7F1C64",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E300285E-39AB-11E9-83A1-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7507",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
      },
      {
        "db": "IVD",
        "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
      },
      {
        "db": "IVD",
        "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-705"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-703"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-704"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-699"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-702"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03768"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7507"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004571"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-768"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7507"
      }
    ]
  },
  "id": "VAR-201805-1147",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
      },
      {
        "db": "IVD",
        "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
      },
      {
        "db": "IVD",
        "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03768"
      }
    ],
    "trust": 3.7166666666666663
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 2.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
      },
      {
        "db": "IVD",
        "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
      },
      {
        "db": "IVD",
        "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03768"
      }
    ]
  },
  "last_update_date": "2024-11-29T22:41:28.661000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability. This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline. 02/01/17 - ZDI disclosed reports to ICS-CERT; 02/07/17 - ICS-CERT provided ZDI with an ICS-VU # ICS-VU-974568; 03/16/17 - ICS-CERT asked ZDI questions about reproduction; 03/27/17 - ICS-CERT asked ZDI again some questions about reproduction; 06/07/17 - ICS-CERT offered ZDI a pre-release patch to test; 06/07/17 - ZDI replied that we cannot do the testing for the vendor; 07/20/17 - ZDI sent a mail to ICS-CERT asking the status; 07/26/17 - ICS-CERT advised that the vendor has a new version they believe addressed the reports (though to ZDI knowledge, no advisory was released); 08/02/17 - ZDI advised ICS-CERT that our finder indicated that the vulnerabilities are still present; 08/11/17 - ZDI wrote ICS-CERT to indicate the intention to move these reports to 0-day on 8/24 -- Mitigation: Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.",
        "trust": 3.5,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Patch for Delta Industrial Automation WPLSoft dvp File Buffer Buffer Overflow Vulnerability (CNVD-2017-228214)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/143677"
      },
      {
        "title": "Delta Industrial Automation WPLSoft dvp file heap buffer overflow vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/143683"
      },
      {
        "title": "Patch for Delta Electronics WPLSoft Heap Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/119165"
      },
      {
        "title": "Delta Electronics WPLSoft Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79354"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-705"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-703"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-704"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-699"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-702"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004571"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-768"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-122",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004571"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7507"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 7.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/103179"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7507"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7507"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-702/"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-705/"
      },
      {
        "trust": 0.3,
        "url": "http://www.deltaww.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-705"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-703"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-704"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-699"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-702"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03768"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7507"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004571"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-768"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7507"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "e3000150-39ab-11e9-9ca4-000c29342cb1",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "e300285e-39ab-11e9-83a1-000c29342cb1",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-705",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-703",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-704",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-699",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-702",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22821",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22824",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03768",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7507",
        "ident": null
      },
      {
        "db": "BID",
        "id": "103179",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004571",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-768",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7507",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-02-28T00:00:00",
        "db": "IVD",
        "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e3000150-39ab-11e9-9ca4-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e300285e-39ab-11e9-83a1-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-705",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-703",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-704",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-699",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-702",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22821",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22824",
        "ident": null
      },
      {
        "date": "2018-02-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-03768",
        "ident": null
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7507",
        "ident": null
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103179",
        "ident": null
      },
      {
        "date": "2018-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004571",
        "ident": null
      },
      {
        "date": "2018-03-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-768",
        "ident": null
      },
      {
        "date": "2018-05-04T19:29:00.313000",
        "db": "NVD",
        "id": "CVE-2018-7507",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-705",
        "ident": null
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-703",
        "ident": null
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-704",
        "ident": null
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-699",
        "ident": null
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-702",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22821",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22824",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-03768",
        "ident": null
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7507",
        "ident": null
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103179",
        "ident": null
      },
      {
        "date": "2018-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004571",
        "ident": null
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-768",
        "ident": null
      },
      {
        "date": "2024-11-21T04:12:15.890000",
        "db": "NVD",
        "id": "CVE-2018-7507",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-768"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-705"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-703"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-704"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-702"
      }
    ],
    "trust": 2.8
  },
  "type": {
    "_id": null,
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-768"
      }
    ],
    "trust": 0.8
  }
}

CVE-2018-7507 (GCVE-0-2018-7507)
Vulnerability from cvelistv5
Published
2018-05-04 19:00
Modified
2024-09-16 17:43
Severity ?
CWE
  • CWE-122 - HEAP-BASED BUFFER OVERFLOW
Summary
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
References
Impacted products
Vendor Product Version
ICS-CERT Delta Electronics WPLSoft Version: WPLSoft, Versions 2.45.0 and prior.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:04.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103179",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103179"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Delta Electronics WPLSoft",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "WPLSoft, Versions 2.45.0 and prior."
            }
          ]
        }
      ],
      "datePublic": "2018-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-05T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "103179",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103179"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-02-27T00:00:00",
          "ID": "CVE-2018-7507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Delta Electronics WPLSoft",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "WPLSoft, Versions 2.45.0 and prior."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103179",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103179"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-7507",
    "datePublished": "2018-05-04T19:00:00Z",
    "dateReserved": "2018-02-26T00:00:00",
    "dateUpdated": "2024-09-16T17:43:16.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-7509 (GCVE-0-2018-7509)
Vulnerability from cvelistv5
Published
2018-05-04 19:00
Modified
2024-09-16 18:23
Severity ?
CWE
Summary
WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution.
References
Impacted products
Vendor Product Version
ICS-CERT Delta Electronics WPLSoft Version: WPLSoft, Versions 2.45.0 and prior.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:04.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103179",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103179"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Delta Electronics WPLSoft",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "WPLSoft, Versions 2.45.0 and prior."
            }
          ]
        }
      ],
      "datePublic": "2018-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "OUT-OF-BOUNDS WRITE CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-05T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "103179",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103179"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-02-27T00:00:00",
          "ID": "CVE-2018-7509",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Delta Electronics WPLSoft",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "WPLSoft, Versions 2.45.0 and prior."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OUT-OF-BOUNDS WRITE CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103179",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103179"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-7509",
    "datePublished": "2018-05-04T19:00:00Z",
    "dateReserved": "2018-02-26T00:00:00",
    "dateUpdated": "2024-09-16T18:23:50.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5460 (GCVE-0-2023-5460)
Vulnerability from cvelistv5
Published
2023-10-09 19:00
Modified
2024-08-02 07:59
CWE
  • CWE-122 - Heap-based Buffer Overflow
Summary
A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Impacted products
Vendor Product Version
Delta Electronics WPLSoft Version: 2.0
Version: 2.1
Version: 2.2
Version: 2.3
Version: 2.4
Version: 2.5
Version: 2.6
Version: 2.7
Version: 2.8
Version: 2.9
Version: 2.10
Version: 2.11
Version: 2.12
Version: 2.13
Version: 2.14
Version: 2.15
Version: 2.16
Version: 2.17
Version: 2.18
Version: 2.19
Version: 2.20
Version: 2.21
Version: 2.22
Version: 2.23
Version: 2.24
Version: 2.25
Version: 2.26
Version: 2.27
Version: 2.28
Version: 2.29
Version: 2.30
Version: 2.31
Version: 2.32
Version: 2.33
Version: 2.34
Version: 2.35
Version: 2.36
Version: 2.37
Version: 2.38
Version: 2.39
Version: 2.40
Version: 2.41
Version: 2.42
Version: 2.43
Version: 2.44
Version: 2.45
Version: 2.46
Version: 2.47
Version: 2.48
Version: 2.49
Version: 2.50
Version: 2.51


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.241583"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.241583"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Modbus Data Packet Handler"
          ],
          "product": "WPLSoft",
          "vendor": "Delta Electronics",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "2.3"
            },
            {
              "status": "affected",
              "version": "2.4"
            },
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "2.6"
            },
            {
              "status": "affected",
              "version": "2.7"
            },
            {
              "status": "affected",
              "version": "2.8"
            },
            {
              "status": "affected",
              "version": "2.9"
            },
            {
              "status": "affected",
              "version": "2.10"
            },
            {
              "status": "affected",
              "version": "2.11"
            },
            {
              "status": "affected",
              "version": "2.12"
            },
            {
              "status": "affected",
              "version": "2.13"
            },
            {
              "status": "affected",
              "version": "2.14"
            },
            {
              "status": "affected",
              "version": "2.15"
            },
            {
              "status": "affected",
              "version": "2.16"
            },
            {
              "status": "affected",
              "version": "2.17"
            },
            {
              "status": "affected",
              "version": "2.18"
            },
            {
              "status": "affected",
              "version": "2.19"
            },
            {
              "status": "affected",
              "version": "2.20"
            },
            {
              "status": "affected",
              "version": "2.21"
            },
            {
              "status": "affected",
              "version": "2.22"
            },
            {
              "status": "affected",
              "version": "2.23"
            },
            {
              "status": "affected",
              "version": "2.24"
            },
            {
              "status": "affected",
              "version": "2.25"
            },
            {
              "status": "affected",
              "version": "2.26"
            },
            {
              "status": "affected",
              "version": "2.27"
            },
            {
              "status": "affected",
              "version": "2.28"
            },
            {
              "status": "affected",
              "version": "2.29"
            },
            {
              "status": "affected",
              "version": "2.30"
            },
            {
              "status": "affected",
              "version": "2.31"
            },
            {
              "status": "affected",
              "version": "2.32"
            },
            {
              "status": "affected",
              "version": "2.33"
            },
            {
              "status": "affected",
              "version": "2.34"
            },
            {
              "status": "affected",
              "version": "2.35"
            },
            {
              "status": "affected",
              "version": "2.36"
            },
            {
              "status": "affected",
              "version": "2.37"
            },
            {
              "status": "affected",
              "version": "2.38"
            },
            {
              "status": "affected",
              "version": "2.39"
            },
            {
              "status": "affected",
              "version": "2.40"
            },
            {
              "status": "affected",
              "version": "2.41"
            },
            {
              "status": "affected",
              "version": "2.42"
            },
            {
              "status": "affected",
              "version": "2.43"
            },
            {
              "status": "affected",
              "version": "2.44"
            },
            {
              "status": "affected",
              "version": "2.45"
            },
            {
              "status": "affected",
              "version": "2.46"
            },
            {
              "status": "affected",
              "version": "2.47"
            },
            {
              "status": "affected",
              "version": "2.48"
            },
            {
              "status": "affected",
              "version": "2.49"
            },
            {
              "status": "affected",
              "version": "2.50"
            },
            {
              "status": "affected",
              "version": "2.51"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in Delta Electronics WPLSoft bis 2.51 gefunden. Betroffen davon ist ein unbekannter Prozess der Komponente Modbus Data Packet Handler. Dank Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.7,
            "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T19:00:07.910Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.241583"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.241583"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-10-09T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-10-09T15:51:41.000Z",
          "value": "VulDB last update"
        }
      ],
      "title": "Delta Electronics WPLSoft Modbus Data Packet heap-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-5460",
    "datePublished": "2023-10-09T19:00:07.910Z",
    "dateReserved": "2023-10-09T13:46:25.782Z",
    "dateUpdated": "2024-08-02T07:59:44.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5461 (GCVE-0-2023-5461)
Vulnerability from cvelistv5
Published
2023-10-09 20:00
Modified
2024-09-19 18:33
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Summary
A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. Exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.750Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.241584"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.241584"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T18:33:13.312818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T18:33:57.954Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Modbus Handler"
          ],
          "product": "WPLSoft",
          "vendor": "Delta Electronics",
          "versions": [
            {
              "status": "affected",
              "version": "2.51"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in Delta Electronics WPLSoft 2.51 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Modbus Handler. Mit der Manipulation mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T20:00:06.688Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.241584"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.241584"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-10-09T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-10-09T15:51:43.000Z",
          "value": "VulDB last update"
        }
      ],
      "title": "Delta Electronics WPLSoft Modbus cleartext transmission"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-5461",
    "datePublished": "2023-10-09T20:00:06.688Z",
    "dateReserved": "2023-10-09T13:46:31.730Z",
    "dateUpdated": "2024-09-19T18:33:57.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5130 (GCVE-0-2023-5130)
Vulnerability from cvelistv5
Published
2024-01-18 21:14
Modified
2024-11-13 19:17
CWE
  • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.806Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5130",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T19:17:33.322269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T19:17:54.553Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "WPLSoft",
          "vendor": "Delta Electronics",
          "versions": [
            {
              "status": "affected",
              "version": "2.42.11"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Exodus Intelligence"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003eA buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV2_0": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-18T21:14:26.662Z",
        "orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
        "shortName": "XI"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Delta Electronics WPLSoft Buffer-Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
    "assignerShortName": "XI",
    "cveId": "CVE-2023-5130",
    "datePublished": "2024-01-18T21:14:26.662Z",
    "dateReserved": "2023-09-22T16:18:18.191Z",
    "dateUpdated": "2024-11-13T19:17:54.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-7494 (GCVE-0-2018-7494)
Vulnerability from cvelistv5
Published
2018-05-04 19:00
Modified
2024-09-16 19:46
Severity ?
CWE
  • CWE-121 - STACK-BASED BUFFER OVERFLOW
Summary
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
References
Impacted products
Vendor Product Version
ICS-CERT Delta Electronics WPLSoft Version: WPLSoft, Versions 2.45.0 and prior.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:03.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103179",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103179"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Delta Electronics WPLSoft",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "WPLSoft, Versions 2.45.0 and prior."
            }
          ]
        }
      ],
      "datePublic": "2018-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "STACK-BASED BUFFER OVERFLOW CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-05T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "103179",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103179"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-02-27T00:00:00",
          "ID": "CVE-2018-7494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Delta Electronics WPLSoft",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "WPLSoft, Versions 2.45.0 and prior."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103179",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103179"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-7494",
    "datePublished": "2018-05-04T19:00:00Z",
    "dateReserved": "2018-02-26T00:00:00",
    "dateUpdated": "2024-09-16T19:46:54.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2023-10-09 19:15
Modified
2024-11-21 08:41
Summary
A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Impacted products
Vendor Product Version
deltaww wplsoft *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deltaww:wplsoft:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A302AEC1-BDED-480D-81F3-9BC06D78F70B",
              "versionEndIncluding": "2.51",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad fue encontrada en Delta Electronics WPLSoft hasta 2.51 y clasificada como problem\u00e1tica. Este problema afecta a un procesamiento desconocido del componente Modbus Data Packet Handler. La manipulaci\u00f3n conduce a un desbordamiento del b\u00fafer. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-241583. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
    }
  ],
  "id": "CVE-2023-5460",
  "lastModified": "2024-11-21T08:41:48.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T19:15:10.543",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.241583"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.241583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.241583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.241583"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-18 22:15
Modified
2024-11-21 08:41
Summary
A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
Impacted products
Vendor Product Version
deltaww wplsoft 2.42.11



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deltaww:wplsoft:2.42.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94E1A35-B372-48FB-AAC4-FCDEFFED8F10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\n"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en Delta Electronics WPLSoft. Un atacante an\u00f3nimo puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DVP especialmente manipulado para lograr la ejecuci\u00f3n del c\u00f3digo."
    }
  ],
  "id": "CVE-2023-5130",
  "lastModified": "2024-11-21T08:41:07.267",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 9.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "disclosures@exodusintel.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "disclosures@exodusintel.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-18T22:15:10.890",
  "references": [
    {
      "source": "disclosures@exodusintel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/"
    }
  ],
  "sourceIdentifier": "disclosures@exodusintel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "disclosures@exodusintel.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-04 19:29
Modified
2024-11-21 04:12
Summary
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
Impacted products
Vendor Product Version
deltaww wplsoft *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deltaww:wplsoft:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A36F1A86-38AC-48AE-93D1-0D58E6120229",
              "versionEndIncluding": "2.45.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash."
    },
    {
      "lang": "es",
      "value": "WPLSoft en Delta Electronics en versiones 2.45.0 y anteriores emplea un b\u00fafer de pila con un tama\u00f1o fijo en el que un valor m\u00e1s grande que el b\u00fafer puede ser le\u00eddo en en el b\u00fafer desde un archivo. Esto provoca que el b\u00fafer se sobrescriba, lo que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo o que la aplicaci\u00f3n se cierre inesperadamente."
    }
  ],
  "id": "CVE-2018-7494",
  "lastModified": "2024-11-21T04:12:14.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-04T19:29:00.237",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103179"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-10-09 20:15
Modified
2024-11-21 08:41
Summary
A vulnerability was found in Delta Electronics WPLSoft 2.51 and has been classified as problematic. It affects an unknown function of the Modbus Handler component. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high, and exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Impacted products
Vendor Product Version
deltaww wplsoft 2.51



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deltaww:wplsoft:2.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3E856CF-4581-4E89-A9E4-560C3ACE939A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad en Delta Electronics WPLSoft 2.51. Ha sido clasificado como problem\u00e1tico. Una funci\u00f3n desconocida del componente Modbus Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la transmisi\u00f3n en texto plano de informaci\u00f3n confidencial. Es posible lanzar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-241584. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
    }
  ],
  "id": "CVE-2023-5461",
  "lastModified": "2024-11-21T08:41:48.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T20:15:10.633",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?ctiid.241584"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?id.241584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?ctiid.241584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?id.241584"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-04 19:29
Modified
2024-11-21 04:12
Summary
Delta Electronics WPLSoft versions 2.45.0 and prior use a fixed-length heap buffer into which a value larger than the buffer can be read from a file, overwriting memory beyond the buffer; this may allow remote code execution or cause the application to crash. The CVSS v3.0 vector in this record marks user interaction as required.
Impacted products
Vendor Product Version
deltaww wplsoft *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deltaww:wplsoft:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A36F1A86-38AC-48AE-93D1-0D58E6120229",
              "versionEndIncluding": "2.45.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash."
    },
    {
      "lang": "es",
      "value": "WPLSoft en Delta Electronics en versiones 2.45.0 y anteriores emplea un b\u00fafer de memoria din\u00e1mica (heap) con un tama\u00f1o fijo en el que un valor m\u00e1s grande que el b\u00fafer puede ser le\u00eddo en en el b\u00fafer desde un archivo. Esto provoca que el b\u00fafer se sobrescriba, lo que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo o que la aplicaci\u00f3n se cierre inesperadamente."
    }
  ],
  "id": "CVE-2018-7507",
  "lastModified": "2024-11-21T04:12:15.890",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-04T19:29:00.313",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103179"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-04 19:29
Modified
2024-11-21 04:12
Summary
Delta Electronics WPLSoft versions 2.45.0 and prior write data read from a file outside the bounds of the intended buffer, which could cause memory corruption or may allow remote code execution. The CVSS v3.0 vector in this record marks user interaction as required.
Impacted products
Vendor Product Version
deltaww wplsoft *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deltaww:wplsoft:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A36F1A86-38AC-48AE-93D1-0D58E6120229",
              "versionEndIncluding": "2.45.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution."
    },
    {
      "lang": "es",
      "value": "WPLSoft en Delta Electronics en versiones 2.45.0 y anteriores escribe datos desde un archivo fuera de los l\u00edmites del espacio de b\u00fafer planeado, lo que podr\u00eda provocar la corrupci\u00f3n de la memoria o permitir la ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "id": "CVE-2018-7509",
  "lastModified": "2024-11-21T04:12:16.097",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-04T19:29:00.360",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103179"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}