Main Vulnerability Database Vulnerabilities #VU16540

Stack-based buffer overflow in GUIcon Eurotherm - CVE-2018-7814

Published: December 14, 2018

Vulnerability identifier: #VU16540

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-7814

CWE-ID: CWE-121

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Schneider Electric

Affected software:
GUIcon Eurotherm

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to stack-based buffer overflow when handling malicious input. A remote unauthenticated attacker can trick the victim into parsing a specially crafted GD1 file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-7814

Update to version 2.0.683.003.

Sources

https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-338-01-Eurotherm-GUIcon.pdf&p_Doc_Ref=SEVD-2018-338-01

Stack-based buffer overflow in GUIcon Eurotherm - CVE-2018-7814

Detailed vulnerability description

How to mitigate CVE-2018-7814

Sources

Please verify you're human