PT-2018-16966 · Emerson Process Management · Controlwave Micro

Younes Dragoni · Published 2018-03-07 · Updated 2020-09-18 · CVE-2018-5452

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Emerson Process Management ControlWave Micro Process Automation Controller versions prior to CWM v.05.78.00

Description

A Stack-based Buffer Overflow issue was discovered, caused by sending crafted packets on Port 20547, which could force the PLC to change its state into halt mode.

Recommendations

For versions prior to CWM v.05.78.00, update the firmware to a version later than CWM v.05.78.00 to resolve the issue. As a temporary workaround, consider restricting access to Port 20547 to minimize the risk of exploitation.

Fix

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2018-5452

Affected Products

Controlwave Micro