Remote code execution in Eaton ELCSoft

Published: 2018-03-07 12:05:19
Severity High
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-7511
CVSSv3 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-120
Exploitation vector Network
Public exploit Not available
Vulnerable software ELCSoft
Vulnerable software versions ELCSoft -
Vendor URL Eaton

Security Advisory

1) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-065-03

Back to List