ID

VAR-201702-0423


CVE

CVE-2016-5805


TITLE

Delta Industrial Automation WPLSoft DVP File Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-16-648 // ZDI: ZDI-16-656

DESCRIPTION

An issue was discovered in Delta Electronics WPLSoft, versions prior to V2.42.11; ISPSoft, versions prior to 3.02.11; and PMSoft, versions prior to 2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products.

Trust: 9.81

sources: NVD: CVE-2016-5805 // JVNDB: JVNDB-2016-007977 // ZDI: ZDI-16-651 // ZDI: ZDI-16-655 // ZDI: ZDI-16-662 // ZDI: ZDI-16-658 // ZDI: ZDI-16-656 // ZDI: ZDI-16-650 // ZDI: ZDI-16-649 // ZDI: ZDI-16-659 // ZDI: ZDI-16-653 // ZDI: ZDI-16-648 // ZDI: ZDI-16-661 // CNVD: CNVD-2016-12683 // BID: 94887 // IVD: e300285f-39ab-11e9-9115-000c29342cb1 // IVD: c1b2c178-9e7c-41ad-b334-53f292b6a7f0 // VULHUB: VHN-94624

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: c1b2c178-9e7c-41ad-b334-53f292b6a7f0 // IVD: e300285f-39ab-11e9-9115-000c29342cb1 // CNVD: CNVD-2016-12683

AFFECTED PRODUCTS

vendor: delta industrial automation, model: wplsoft, scope: -, version: -

Trust: 4.9

vendor: delta industrial automation, model: ispsoft, scope: -, version: -

Trust: 2.8

vendor: delta, model: ispsoft, scope: eq, version: -

Trust: 1.6

vendor: delta, model: pmsoft, scope: eq, version: -

Trust: 1.6

vendor: delta, model: wplsoft, scope: eq, version: -

Trust: 1.6

vendor: delta, model: electronics inc ispsoft, scope: eq, version: 3.0

Trust: 0.9

vendor: delta, model: electronics inc pmsoft, scope: eq, version: 2.0

Trust: 0.9

vendor: delta, model: electronics inc wplsoft, scope: eq, version: 2.0

Trust: 0.9

vendor: delta, model: ispsoft, scope: lt, version: 3.02.11

Trust: 0.8

vendor: delta, model: pmsoft, scope: lt, version: 2.10.10

Trust: 0.8

vendor: delta, model: wplsoft, scope: lt, version: 2.42.11

Trust: 0.8

vendor: ispsoft, model: -, scope: eq, version: -

Trust: 0.4

vendor: pmsoft, model: -, scope: eq, version: -

Trust: 0.4

vendor: wplsoft, model: -, scope: eq, version: -

Trust: 0.4

vendor: delta, model: electronics inc wplsoft, scope: ne, version: 2.42.11

Trust: 0.3

vendor: delta, model: electronics inc pmsoft, scope: ne, version: 2.10.10

Trust: 0.3

vendor: delta, model: electronics inc ispsoft, scope: ne, version: 3.02.11

Trust: 0.3

sources: IVD: c1b2c178-9e7c-41ad-b334-53f292b6a7f0 // IVD: e300285f-39ab-11e9-9115-000c29342cb1 // ZDI: ZDI-16-661 // ZDI: ZDI-16-648 // ZDI: ZDI-16-653 // ZDI: ZDI-16-659 // ZDI: ZDI-16-649 // ZDI: ZDI-16-651 // ZDI: ZDI-16-656 // ZDI: ZDI-16-650 // ZDI: ZDI-16-658 // ZDI: ZDI-16-662 // ZDI: ZDI-16-655 // CNVD: CNVD-2016-12683 // BID: 94887 // JVNDB: JVNDB-2016-007977 // CNNVD: CNNVD-201612-509 // NVD: CVE-2016-5805

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2016-5805
value: MEDIUM

Trust: 7.0

nvd@nist.gov: CVE-2016-5805
value: HIGH

Trust: 1.0

NVD: CVE-2016-5805
value: HIGH

Trust: 0.8

ZDI: CVE-2016-5805
value: HIGH

Trust: 0.7

CNVD: CNVD-2016-12683
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201612-509
value: MEDIUM

Trust: 0.6

IVD: c1b2c178-9e7c-41ad-b334-53f292b6a7f0
value: MEDIUM

Trust: 0.2

IVD: e300285f-39ab-11e9-9115-000c29342cb1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-94624
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-5805
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 8.1

ZDI: CVE-2016-5805
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

ZDI: CVE-2016-5805
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2016-12683
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: c1b2c178-9e7c-41ad-b334-53f292b6a7f0
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: e300285f-39ab-11e9-9115-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-94624
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5805
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: c1b2c178-9e7c-41ad-b334-53f292b6a7f0 // IVD: e300285f-39ab-11e9-9115-000c29342cb1 // ZDI: ZDI-16-661 // ZDI: ZDI-16-648 // ZDI: ZDI-16-653 // ZDI: ZDI-16-659 // ZDI: ZDI-16-649 // ZDI: ZDI-16-651 // ZDI: ZDI-16-656 // ZDI: ZDI-16-650 // ZDI: ZDI-16-658 // ZDI: ZDI-16-662 // ZDI: ZDI-16-655 // CNVD: CNVD-2016-12683 // VULHUB: VHN-94624 // JVNDB: JVNDB-2016-007977 // CNNVD: CNNVD-201612-509 // NVD: CVE-2016-5805

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-94624 // JVNDB: JVNDB-2016-007977 // NVD: CVE-2016-5805

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-509

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: c1b2c178-9e7c-41ad-b334-53f292b6a7f0 // IVD: e300285f-39ab-11e9-9115-000c29342cb1 // CNNVD: CNNVD-201612-509

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007977

PATCH

title: Delta Industrial Automation has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03

Trust: 7.7

title: Top Page
url: http://www.deltaww.com/

Trust: 0.8

title: Patches for Multiple Delta Electronics Product Heap Buffer Overflow Vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/86302

Trust: 0.6

title: Multiple Delta Electronics Product security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66543

Trust: 0.6

sources: ZDI: ZDI-16-661 // ZDI: ZDI-16-648 // ZDI: ZDI-16-653 // ZDI: ZDI-16-659 // ZDI: ZDI-16-649 // ZDI: ZDI-16-651 // ZDI: ZDI-16-656 // ZDI: ZDI-16-650 // ZDI: ZDI-16-658 // ZDI: ZDI-16-662 // ZDI: ZDI-16-655 // CNVD: CNVD-2016-12683 // JVNDB: JVNDB-2016-007977 // CNNVD: CNNVD-201612-509

EXTERNAL IDS

db: NVD, id: CVE-2016-5805

Trust: 11.5

db: ICS CERT, id: ICSA-16-348-03

Trust: 3.4

db: BID, id: 94887

Trust: 2.6

db: CNNVD, id: CNNVD-201612-509

Trust: 1.1

db: CNVD, id: CNVD-2016-12683

Trust: 1.0

db: JVNDB, id: JVNDB-2016-007977

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-3915

Trust: 0.7

db: ZDI, id: ZDI-16-661

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3865

Trust: 0.7

db: ZDI, id: ZDI-16-648

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3930

Trust: 0.7

db: ZDI, id: ZDI-16-653

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3916

Trust: 0.7

db: ZDI, id: ZDI-16-659

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3859

Trust: 0.7

db: ZDI, id: ZDI-16-649

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3909

Trust: 0.7

db: ZDI, id: ZDI-16-651

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3911

Trust: 0.7

db: ZDI, id: ZDI-16-656

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3860

Trust: 0.7

db: ZDI, id: ZDI-16-650

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3913

Trust: 0.7

db: ZDI, id: ZDI-16-658

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4016

Trust: 0.7

db: ZDI, id: ZDI-16-662

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3910

Trust: 0.7

db: ZDI, id: ZDI-16-655

Trust: 0.7

db: IVD, id: C1B2C178-9E7C-41AD-B334-53F292B6A7F0

Trust: 0.2

db: IVD, id: E300285F-39AB-11E9-9115-000C29342CB1

Trust: 0.2

db: VULHUB, id: VHN-94624

Trust: 0.1

sources: IVD: c1b2c178-9e7c-41ad-b334-53f292b6a7f0 // IVD: e300285f-39ab-11e9-9115-000c29342cb1 // ZDI: ZDI-16-661 // ZDI: ZDI-16-648 // ZDI: ZDI-16-653 // ZDI: ZDI-16-659 // ZDI: ZDI-16-649 // ZDI: ZDI-16-651 // ZDI: ZDI-16-656 // ZDI: ZDI-16-650 // ZDI: ZDI-16-658 // ZDI: ZDI-16-662 // ZDI: ZDI-16-655 // CNVD: CNVD-2016-12683 // VULHUB: VHN-94624 // BID: 94887 // JVNDB: JVNDB-2016-007977 // CNNVD: CNNVD-201612-509 // NVD: CVE-2016-5805

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-16-348-03

Trust: 10.5

url: http://www.securityfocus.com/bid/94887

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5805

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-5805

Trust: 0.8

url: https://ics-cert.us-cert.gov/advisories/icsa-16-348-03#footnotea_6tkr584

Trust: 0.6

url: http://www.deltaww.com/

Trust: 0.3

sources: ZDI: ZDI-16-661 // ZDI: ZDI-16-648 // ZDI: ZDI-16-653 // ZDI: ZDI-16-659 // ZDI: ZDI-16-649 // ZDI: ZDI-16-651 // ZDI: ZDI-16-656 // ZDI: ZDI-16-650 // ZDI: ZDI-16-658 // ZDI: ZDI-16-662 // ZDI: ZDI-16-655 // CNVD: CNVD-2016-12683 // VULHUB: VHN-94624 // BID: 94887 // JVNDB: JVNDB-2016-007977 // CNNVD: CNNVD-201612-509 // NVD: CVE-2016-5805

CREDITS

axt

Trust: 7.7

sources: ZDI: ZDI-16-661 // ZDI: ZDI-16-648 // ZDI: ZDI-16-653 // ZDI: ZDI-16-659 // ZDI: ZDI-16-649 // ZDI: ZDI-16-651 // ZDI: ZDI-16-656 // ZDI: ZDI-16-650 // ZDI: ZDI-16-658 // ZDI: ZDI-16-662 // ZDI: ZDI-16-655

SOURCES

db: IVD, id: c1b2c178-9e7c-41ad-b334-53f292b6a7f0
db: IVD, id: e300285f-39ab-11e9-9115-000c29342cb1
db: ZDI, id: ZDI-16-661
db: ZDI, id: ZDI-16-648
db: ZDI, id: ZDI-16-653
db: ZDI, id: ZDI-16-659
db: ZDI, id: ZDI-16-649
db: ZDI, id: ZDI-16-651
db: ZDI, id: ZDI-16-656
db: ZDI, id: ZDI-16-650
db: ZDI, id: ZDI-16-658
db: ZDI, id: ZDI-16-662
db: ZDI, id: ZDI-16-655
db: CNVD, id: CNVD-2016-12683
db: VULHUB, id: VHN-94624
db: BID, id: 94887
db: JVNDB, id: JVNDB-2016-007977
db: CNNVD, id: CNNVD-201612-509
db: NVD, id: CVE-2016-5805

LAST UPDATE DATE

2024-11-29T22:49:47.108000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-16-661, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-648, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-653, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-659, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-649, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-651, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-656, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-650, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-658, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-662, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-655, date: 2016-12-15T00:00:00
db: CNVD, id: CNVD-2016-12683, date: 2018-11-05T00:00:00
db: VULHUB, id: VHN-94624, date: 2017-03-14T00:00:00
db: BID, id: 94887, date: 2016-12-20T01:09:00
db: JVNDB, id: JVNDB-2016-007977, date: 2017-04-04T00:00:00
db: CNNVD, id: CNNVD-201612-509, date: 2016-12-15T00:00:00
db: NVD, id: CVE-2016-5805, date: 2024-11-21T02:55:02.687

SOURCES RELEASE DATE

db: IVD, id: c1b2c178-9e7c-41ad-b334-53f292b6a7f0, date: 2016-12-21T00:00:00
db: IVD, id: e300285f-39ab-11e9-9115-000c29342cb1, date: 2016-12-21T00:00:00
db: ZDI, id: ZDI-16-661, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-648, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-653, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-659, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-649, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-651, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-656, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-650, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-658, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-662, date: 2016-12-15T00:00:00
db: ZDI, id: ZDI-16-655, date: 2016-12-15T00:00:00
db: CNVD, id: CNVD-2016-12683, date: 2016-12-21T00:00:00
db: VULHUB, id: VHN-94624, date: 2017-02-13T00:00:00
db: BID, id: 94887, date: 2016-12-14T00:00:00
db: JVNDB, id: JVNDB-2016-007977, date: 2017-04-04T00:00:00
db: CNNVD, id: CNNVD-201612-509, date: 2016-12-15T00:00:00
db: NVD, id: CVE-2016-5805, date: 2017-02-13T21:59:00.393