Main Vulnerability Database Vulnerabilities #VU14447

Stack-based buffer overflow in DeltaV - CVE-2018-14793

Published: August 17, 2018

Vulnerability identifier: #VU14447

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-14793

CWE-ID: CWE-121

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Emerson

Affected software:
DeltaV

Detailed vulnerability description

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The vulnerability exists due to stack-based buffer overflow. An adjacent attacker can use open communication port to trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

How to mitigate CVE-2018-14793

Install update from vendor's website.

Sources

https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01

Stack-based buffer overflow in DeltaV - CVE-2018-14793

Detailed vulnerability description

How to mitigate CVE-2018-14793

Sources

Please verify you're human