Buffer overflow in Delta Controls Inc. products - CVE-2019-9569
Published: August 28, 2019 / Updated: August 28, 2019
Vulnerability identifier: #VU20421
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-9569
CWE-ID: CWE-120
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Delta Controls Inc.
Affected software:
enteliBUS Controller firmware
enteliBUS Manager Touch firmware
enteliBUS Manager firmware
enteliBUS Controller firmware
enteliBUS Manager Touch firmware
enteliBUS Manager firmware
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the lack of input validation. A remote attacker on the same network can send a specially crafted request to the affected system, trigger buffer overflow, gain complete control of the device’s operating system and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2019-9569
Install updates from vendor's website.