Stack-based buffer overflow in Delta Electronics, Inc. products - CVE-2018-10594
Published: June 21, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU13419
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2018-10594
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Delta Electronics, Inc.
Affected software:
COMMGR AHSIM_5x1
COMMGR AHSIM_5x0
COMMGR DVPSimulator SS2
COMMGR DVPSimulator SE
COMMGR DVPSimulator ES2
COMMGR DVPSimulator EH3
COMMGR DVPSimulator EH2
COMMGR AHSIM_5x1
COMMGR AHSIM_5x0
COMMGR DVPSimulator SS2
COMMGR DVPSimulator SE
COMMGR DVPSimulator ES2
COMMGR DVPSimulator EH3
COMMGR DVPSimulator EH2
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow when the application utilizes a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port. A remote unauthenticated attacker can trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2018-10594
Update to version 1.09.