#VU13419 Stack-based buffer overflow in Delta Electronics, Inc. products - CVE-2018-10594
Published: June 21, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU13419
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2018-10594
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
COMMGR AHSIM_5x1
COMMGR AHSIM_5x0
COMMGR DVPSimulator SS2
COMMGR DVPSimulator SE
COMMGR DVPSimulator ES2
COMMGR DVPSimulator EH3
COMMGR DVPSimulator EH2
COMMGR AHSIM_5x1
COMMGR AHSIM_5x0
COMMGR DVPSimulator SS2
COMMGR DVPSimulator SE
COMMGR DVPSimulator ES2
COMMGR DVPSimulator EH3
COMMGR DVPSimulator EH2
Software vendor:
Delta Electronics, Inc.
Delta Electronics, Inc.
Description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow when the application utilizes a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port. A remote unauthenticated attacker can trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Update to version 1.09.