PT-2018-9985 · Delta Industrial Automation · Commgr

T4Rkd3Vilz

Published

2018-06-26

Updated

2019-10-09

CVE-2018-10594

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation COMMGR versions 1.08 and prior

Description: The issue is related to a fixed-length stack buffer that can be overwritten when an unverified length value is read from network packets via a specific network port. This can lead to remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.

Recommendations: For Delta Industrial Automation COMMGR versions 1.08 and prior, consider disabling the network port that accepts unverified length values until a patch is available to prevent potential remote code execution or denial-of-service conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-119

Related Identifiers

CVE-2018-10594

ZDI-18-585

ZDI-18-586

ZDI-18-587

ZDI-18-588

Affected Products

Commgr

PT-2018-9985 · Delta Industrial Automation · Commgr

CVE-2018-10594

Weakness Enumeration

Related Identifiers

Affected Products

References · 11