Details of VAR-201702-0421

ID

VAR-201702-0421

CVE

CVE-2016-5802

TITLE

plural Delta Electronics Vulnerability to load malicious files in products

Trust: 0.8

sources: JVNDB: JVNDB-2016-007976

DESCRIPTION

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a dvp file. A malformed dvp file can cause heap corruption and the BorrlndmmSysGetMem function will write to an arbitrary memory location in the user process. A remote attacker could leverage this vulnerability to execute arbitrary code in the context of the process. The process does not properly validate user-supplied data which can result in a write past the end of an allocated buffer. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs)

Trust: 6.03

sources: NVD: CVE-2016-5802 // JVNDB: JVNDB-2016-007976 // ZDI: ZDI-16-660 // ZDI: ZDI-16-646 // ZDI: ZDI-16-647 // ZDI: ZDI-16-652 // ZDI: ZDI-16-663 // CNVD: CNVD-2016-12682 // BID: 94887 // IVD: 369617cd-e442-4f7b-852f-d167d53a3ae8 // IVD: e2ff3e00-39ab-11e9-baf6-000c29342cb1 // VULHUB: VHN-94621

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 369617cd-e442-4f7b-852f-d167d53a3ae8 // IVD: e2ff3e00-39ab-11e9-baf6-000c29342cb1 // CNVD: CNVD-2016-12682

AFFECTED PRODUCTS

vendor:	delta industrial automation	model:	wplsoft	scope:	-	version:	-	Trust: 2.8
vendor:	delta	model:	ispsoft	scope:	eq	version:	-	Trust: 1.6
vendor:	delta	model:	pmsoft	scope:	eq	version:	-	Trust: 1.6
vendor:	delta	model:	wplsoft	scope:	eq	version:	-	Trust: 1.6
vendor:	delta	model:	electronics inc ispsoft	scope:	eq	version:	3.0	Trust: 0.9
vendor:	delta	model:	electronics inc pmsoft	scope:	eq	version:	2.0	Trust: 0.9
vendor:	delta	model:	electronics inc wplsoft	scope:	eq	version:	2.0	Trust: 0.9
vendor:	delta	model:	ispsoft	scope:	lt	version:	3.02.11	Trust: 0.8
vendor:	delta	model:	pmsoft	scope:	lt	version:	2.10.10	Trust: 0.8
vendor:	delta	model:	wplsoft	scope:	lt	version:	2.42.11	Trust: 0.8
vendor:	delta industrial automation	model:	pmsoft	scope:	-	version:	-	Trust: 0.7
vendor:	ispsoft	model:	-	scope:	eq	version:	-	Trust: 0.4
vendor:	pmsoft	model:	-	scope:	eq	version:	-	Trust: 0.4
vendor:	wplsoft	model:	-	scope:	eq	version:	-	Trust: 0.4
vendor:	delta	model:	electronics inc wplsoft	scope:	ne	version:	2.42.11	Trust: 0.3
vendor:	delta	model:	electronics inc pmsoft	scope:	ne	version:	2.10.10	Trust: 0.3
vendor:	delta	model:	electronics inc ispsoft	scope:	ne	version:	3.02.11	Trust: 0.3

sources: IVD: 369617cd-e442-4f7b-852f-d167d53a3ae8 // IVD: e2ff3e00-39ab-11e9-baf6-000c29342cb1 // ZDI: ZDI-16-660 // ZDI: ZDI-16-646 // ZDI: ZDI-16-647 // ZDI: ZDI-16-652 // ZDI: ZDI-16-663 // CNVD: CNVD-2016-12682 // BID: 94887 // JVNDB: JVNDB-2016-007976 // CNNVD: CNNVD-201612-510 // NVD: CVE-2016-5802

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2016-5802
value:	MEDIUM
Trust: 2.1
ZDI:	CVE-2016-5802
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2016-5802
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-5802
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-12682
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201612-510
value:	MEDIUM
Trust: 0.6
IVD:	369617cd-e442-4f7b-852f-d167d53a3ae8
value:	MEDIUM
Trust: 0.2
IVD:	e2ff3e00-39ab-11e9-baf6-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-94621
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-5802
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 3.9
ZDI:	CVE-2016-5802
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.4
CNVD:	CNVD-2016-12682
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	369617cd-e442-4f7b-852f-d167d53a3ae8
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	e2ff3e00-39ab-11e9-baf6-000c29342cb1
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-94621
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-5802
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 369617cd-e442-4f7b-852f-d167d53a3ae8 // IVD: e2ff3e00-39ab-11e9-baf6-000c29342cb1 // ZDI: ZDI-16-660 // ZDI: ZDI-16-646 // ZDI: ZDI-16-647 // ZDI: ZDI-16-652 // ZDI: ZDI-16-663 // CNVD: CNVD-2016-12682 // VULHUB: VHN-94621 // JVNDB: JVNDB-2016-007976 // CNNVD: CNNVD-201612-510 // NVD: CVE-2016-5802

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.9

sources: VULHUB: VHN-94621 // JVNDB: JVNDB-2016-007976 // NVD: CVE-2016-5802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-510

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201612-510

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007976

PATCH

title:	Delta Industrial Automation has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03	Trust: 3.5
title:	Top Page	url:	http://www.deltaww.com/	Trust: 0.8
title:	Patches for arbitrary file access vulnerabilities in various Delta Electronics products	url:	https://www.cnvd.org.cn/patchInfo/show/86303	Trust: 0.6
title:	Multiple Delta Electronics Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66544	Trust: 0.6

sources: ZDI: ZDI-16-660 // ZDI: ZDI-16-646 // ZDI: ZDI-16-647 // ZDI: ZDI-16-652 // ZDI: ZDI-16-663 // CNVD: CNVD-2016-12682 // JVNDB: JVNDB-2016-007976 // CNNVD: CNNVD-201612-510

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5802	Trust: 7.3
db:	ICS CERT	id:	ICSA-16-348-03	Trust: 3.4
db:	BID	id:	94887	Trust: 2.6
db:	CNNVD	id:	CNNVD-201612-510	Trust: 1.1
db:	CNVD	id:	CNVD-2016-12682	Trust: 1.0
db:	JVNDB	id:	JVNDB-2016-007976	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3914	Trust: 0.7
db:	ZDI	id:	ZDI-16-660	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3587	Trust: 0.7
db:	ZDI	id:	ZDI-16-646	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3858	Trust: 0.7
db:	ZDI	id:	ZDI-16-647	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3861	Trust: 0.7
db:	ZDI	id:	ZDI-16-652	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3935	Trust: 0.7
db:	ZDI	id:	ZDI-16-663	Trust: 0.7
db:	IVD	id:	369617CD-E442-4F7B-852F-D167D53A3AE8	Trust: 0.2
db:	IVD	id:	E2FF3E00-39AB-11E9-BAF6-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-94621	Trust: 0.1

sources: IVD: 369617cd-e442-4f7b-852f-d167d53a3ae8 // IVD: e2ff3e00-39ab-11e9-baf6-000c29342cb1 // ZDI: ZDI-16-660 // ZDI: ZDI-16-646 // ZDI: ZDI-16-647 // ZDI: ZDI-16-652 // ZDI: ZDI-16-663 // CNVD: CNVD-2016-12682 // VULHUB: VHN-94621 // BID: 94887 // JVNDB: JVNDB-2016-007976 // CNNVD: CNNVD-201612-510 // NVD: CVE-2016-5802

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-348-03	Trust: 6.3
url:	http://www.securityfocus.com/bid/94887	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5802	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5802	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-16-348-03#footnotea_6tkr584	Trust: 0.6
url:	http://www.deltaww.com/	Trust: 0.3

sources: ZDI: ZDI-16-660 // ZDI: ZDI-16-646 // ZDI: ZDI-16-647 // ZDI: ZDI-16-652 // ZDI: ZDI-16-663 // CNVD: CNVD-2016-12682 // VULHUB: VHN-94621 // BID: 94887 // JVNDB: JVNDB-2016-007976 // CNNVD: CNNVD-201612-510 // NVD: CVE-2016-5802

CREDITS

axt

Trust: 2.8

sources: ZDI: ZDI-16-660 // ZDI: ZDI-16-647 // ZDI: ZDI-16-652 // ZDI: ZDI-16-663

SOURCES

db:	IVD	id:	369617cd-e442-4f7b-852f-d167d53a3ae8
db:	IVD	id:	e2ff3e00-39ab-11e9-baf6-000c29342cb1
db:	ZDI	id:	ZDI-16-660
db:	ZDI	id:	ZDI-16-646
db:	ZDI	id:	ZDI-16-647
db:	ZDI	id:	ZDI-16-652
db:	ZDI	id:	ZDI-16-663
db:	CNVD	id:	CNVD-2016-12682
db:	VULHUB	id:	VHN-94621
db:	BID	id:	94887
db:	JVNDB	id:	JVNDB-2016-007976
db:	CNNVD	id:	CNNVD-201612-510
db:	NVD	id:	CVE-2016-5802

LAST UPDATE DATE

2024-11-23T22:01:19.289000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-660	date:	2016-12-15T00:00:00
db:	ZDI	id:	ZDI-16-646	date:	2016-12-15T00:00:00
db:	ZDI	id:	ZDI-16-647	date:	2016-12-15T00:00:00
db:	ZDI	id:	ZDI-16-652	date:	2016-12-15T00:00:00
db:	ZDI	id:	ZDI-16-663	date:	2016-12-15T00:00:00
db:	CNVD	id:	CNVD-2016-12682	date:	2018-11-05T00:00:00
db:	VULHUB	id:	VHN-94621	date:	2017-03-14T00:00:00
db:	BID	id:	94887	date:	2016-12-20T01:09:00
db:	JVNDB	id:	JVNDB-2016-007976	date:	2017-04-04T00:00:00
db:	CNNVD	id:	CNNVD-201612-510	date:	2016-12-15T00:00:00
db:	NVD	id:	CVE-2016-5802	date:	2024-11-21T02:55:02.313

SOURCES RELEASE DATE

db:	IVD	id:	369617cd-e442-4f7b-852f-d167d53a3ae8	date:	2016-12-21T00:00:00
db:	IVD	id:	e2ff3e00-39ab-11e9-baf6-000c29342cb1	date:	2016-12-21T00:00:00
db:	ZDI	id:	ZDI-16-660	date:	2016-12-15T00:00:00
db:	ZDI	id:	ZDI-16-646	date:	2016-12-15T00:00:00
db:	ZDI	id:	ZDI-16-647	date:	2016-12-15T00:00:00
db:	ZDI	id:	ZDI-16-652	date:	2016-12-15T00:00:00
db:	ZDI	id:	ZDI-16-663	date:	2016-12-15T00:00:00
db:	CNVD	id:	CNVD-2016-12682	date:	2016-12-21T00:00:00
db:	VULHUB	id:	VHN-94621	date:	2017-02-13T00:00:00
db:	BID	id:	94887	date:	2016-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-007976	date:	2017-04-04T00:00:00
db:	CNNVD	id:	CNNVD-201612-510	date:	2016-12-15T00:00:00
db:	NVD	id:	CVE-2016-5802	date:	2017-02-13T21:59:00.330