var-201805-1148
Vulnerability from variot

WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. Delta Electronics WPLSoft contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of .dvp files. Crafted data in a .dvp file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. WPLSoft and PMSoft are Delta's PLC programming software. Delta Electronics WPLSoft is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. (no description is given for the third item in this record). Delta Industrial WPLSoft version 2.45.0 and prior versions are vulnerable.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "wplsoft",
        "scope": null,
        "trust": 2.1,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "_id": null,
        "model": "industrial automation wplsoft",
        "scope": null,
        "trust": 1.8,
        "vendor": "delta",
        "version": null
      },
      {
        "_id": null,
        "model": "industrial automation wplsoft",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "delta",
        "version": "*"
      },
      {
        "_id": null,
        "model": "wplsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "wplsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "electronics wplsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=2.45.0"
      },
      {
        "_id": null,
        "model": "wplsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "deltaww",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.45.0"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.42.11"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "electronics inc wplsoft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.46.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wplsoft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:delta_electronics:wplsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "axt",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      }
    ],
    "trust": 2.1
  },
  "cve": "CVE-2018-7509",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7509",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 2.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-7509",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22819",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22816",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-03766",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22820",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-7509",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2018-7509",
            "trust": 2.1,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7509",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7509",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22819",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22816",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-03766",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22820",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-769",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. Delta Electronics WPLSoft contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of .dvp files. Crafted data in a .dvp file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. WPLSoft and PMSoft are Delta\u0027s PLC programming software. Delta Electronics WPLSoft is prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3. \nDelta Industrial WPLSoft  Version 2.45.0 and prior versions are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      }
    ],
    "trust": 7.2
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7509",
        "trust": 5.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-058-02",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "103179",
        "trust": 1.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701",
        "trust": 1.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700",
        "trust": 1.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4435",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4428",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4438",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E2FF16F1-39AB-11E9-9E8D-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "BD88BEF6-A734-4AB3-B708-493E5939C42C",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "9B0290FD-5208-4C4D-BE64-9B123C16F26E",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "C3D16B7A-9F9A-4E2C-B16B-7A6BBE22E631",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E300014F-39AB-11E9-AE3C-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E2FF8C23-39AB-11E9-A10F-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "E2FFDA40-39AB-11E9-ACED-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      }
    ]
  },
  "id": "VAR-201805-1148",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      }
    ],
    "trust": 4.716666666666667
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 3.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:53:07.271000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability. This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline. 02/01/17 - ZDI disclosed reports to ICS-CERT; 02/07/17 - ICS-CERT provided ZDI with an ICS-VU # ICS-VU-974568; 03/16/17 - ICS-CERT asked ZDI questions about reproduction; 03/27/17 - ICS-CERT asked ZDI again some questions about reproduction; 06/07/17 - ICS-CERT offered ZDI a pre-release patch to test; 06/07/17 - ZDI replied that we cannot do the testing for the vendor; 07/20/17 - ZDI sent a mail to ICS-CERT asking the status; 07/26/17 - ICS-CERT advised that the vendor has a new version they believe addressed the reports (though to ZDI knowledge, no advisory was released); 08/02/17 - ZDI advised ICS-CERT that our finder indicated that the vulnerabilities are still present; 08/11/17 - ZDI wrote ICS-CERT to indicate the intention to move these reports to 0-day on 8/24. Mitigation: Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.",
        "trust": 2.1,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Delta Industrial Automation WPLSoft dvp file border write vulnerability (CNVD-2017-228198) patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/143673"
      },
      {
        "title": "Patch for Delta Industrial Automation WPLSoft dvp File Buffer Buffer Overflow Vulnerability (CNVD-2017-228165)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/143667"
      },
      {
        "title": "Delta Electronics WPLSoft cross-border write vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/119163"
      },
      {
        "title": "Delta Industrial Automation WPLSoft dvp file cross-boundary write vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/143675"
      },
      {
        "title": "Delta Electronics WPLSoft Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79355"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 5.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/103179"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7509"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7509"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-700/"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-697/"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-17-701/"
      },
      {
        "trust": 0.3,
        "url": "http://www.deltaww.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820"
      },
      {
        "db": "BID",
        "id": "103179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1",
        "ident": null
      },
      {
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-701",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-697",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22819",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22816",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-03766",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22820",
        "ident": null
      },
      {
        "db": "BID",
        "id": "103179",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004572",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7509",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-02-28T00:00:00",
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "bd88bef6-a734-4ab3-b708-493e5939c42c",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e300014f-39ab-11e9-ae3c-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "e2ffda40-39ab-11e9-aced-000c29342cb1",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-701",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-700",
        "ident": null
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-697",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22819",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22816",
        "ident": null
      },
      {
        "date": "2018-02-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-03766",
        "ident": null
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22820",
        "ident": null
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103179",
        "ident": null
      },
      {
        "date": "2018-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004572",
        "ident": null
      },
      {
        "date": "2018-03-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-769",
        "ident": null
      },
      {
        "date": "2018-05-04T19:29:00.360000",
        "db": "NVD",
        "id": "CVE-2018-7509",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-701",
        "ident": null
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-700",
        "ident": null
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-697",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22819",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22816",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-03766",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22820",
        "ident": null
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103179",
        "ident": null
      },
      {
        "date": "2018-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004572",
        "ident": null
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-769",
        "ident": null
      },
      {
        "date": "2024-11-21T04:12:16.097000",
        "db": "NVD",
        "id": "CVE-2018-7509",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-701"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-700"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "_id": null,
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-769"
      }
    ],
    "trust": 0.8
  }
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.