#VU14447 Stack-based buffer overflow in DeltaV - CVE-2018-14793
Published: August 17, 2018
Vulnerability identifier: #VU14447
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-14793
CWE-ID: CWE-121
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
DeltaV
DeltaV
Software vendor:
Emerson
Emerson
Description
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow. An adjacent attacker can use open communication port to trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Install update from vendor's website.