PT-2018-16966 · Emerson Process Management · Controlwave Micro

Younes Dragoni

Publicado

2018-03-07

Atualizado

2020-09-18

CVE-2018-5452

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Emerson Process Management ControlWave Micro Process Automation Controller versions prior to CWM v.05.78.00

Description A Stack-based Buffer Overflow issue was discovered, caused by sending crafted packets on Port 20547, which could force the PLC to change its state into halt mode.

Recommendations For versions prior to CWM v.05.78.00, update the firmware to a version later than CWM v.05.78.00 to resolve the issue. As a temporary workaround, consider restricting access to Port 20547 to minimize the risk of exploitation.

Correção

Stack Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-787

Identificadores relacionados

CVE-2018-5452

Produtos afetados

Controlwave Micro

PT-2018-16966 · Emerson Process Management · Controlwave Micro

CVE-2018-5452

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4