ID

VAR-201805-1140


CVE

CVE-2018-7494


TITLE

Delta Electronics WPLSoft Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-004570 // CNNVD: CNNVD-201803-767

DESCRIPTION

WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.

Delta Electronics WPLSoft contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft and Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.

Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user was not properly verified. WPLSoft (Delta PLC programming software) is PLC programming software used by Delta Electronics in the Windows operating system environment. Delta Electronics WPLSoft has a stack buffer overflow vulnerability. The application uses a fixed-length heap buffer. Execute or cause the application to crash. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3

Trust: 4.14

sources: NVD: CVE-2018-7494 // JVNDB: JVNDB-2018-004570 // ZDI: ZDI-17-698 // CNVD: CNVD-2017-22817 // CNVD: CNVD-2018-03767 // BID: 103179 // IVD: e3004f6f-39ab-11e9-b569-000c29342cb1 // IVD: 117014c0-b059-4ede-9515-daf57ae2fdf1 // IVD: e2ffb331-39ab-11e9-9c2e-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.8

sources: IVD: e3004f6f-39ab-11e9-b569-000c29342cb1 // IVD: 117014c0-b059-4ede-9515-daf57ae2fdf1 // IVD: e2ffb331-39ab-11e9-9c2e-000c29342cb1 // CNVD: CNVD-2017-22817 // CNVD: CNVD-2018-03767

AFFECTED PRODUCTS

vendor: deltaww, model: wplsoft, scope: lte, version: 2.45.0

Trust: 1.0

vendor: delta, model: wplsoft, scope: lte, version: 2.45.0

Trust: 0.8

vendor: delta industrial automation, model: wplsoft, scope: -, version: -

Trust: 0.7

vendor: delta, model: industrial automation wplsoft, scope: -, version: -

Trust: 0.6

vendor: delta, model: electronics wplsoft, scope: lte, version: <=2.45.0

Trust: 0.6

vendor: deltaww, model: wplsoft, scope: eq, version: 2.45.0

Trust: 0.6

vendor: delta, model: industrial automation wplsoft, scope: eq, version: *

Trust: 0.4

vendor: delta, model: electronics inc wplsoft, scope: eq, version: 2.45.0

Trust: 0.3

vendor: delta, model: electronics inc wplsoft, scope: eq, version: 2.42.11

Trust: 0.3

vendor: delta, model: electronics inc wplsoft, scope: eq, version: 2.0

Trust: 0.3

vendor: delta, model: electronics inc wplsoft, scope: ne, version: 2.46.0

Trust: 0.3

vendor: wplsoft, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e3004f6f-39ab-11e9-b569-000c29342cb1 // IVD: 117014c0-b059-4ede-9515-daf57ae2fdf1 // IVD: e2ffb331-39ab-11e9-9c2e-000c29342cb1 // ZDI: ZDI-17-698 // CNVD: CNVD-2017-22817 // CNVD: CNVD-2018-03767 // BID: 103179 // JVNDB: JVNDB-2018-004570 // CNNVD: CNNVD-201803-767 // NVD: CVE-2018-7494

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7494
value: HIGH

Trust: 1.0

NVD: CVE-2018-7494
value: HIGH

Trust: 0.8

ZDI: CVE-2018-7494
value: HIGH

Trust: 0.7

CNVD: CNVD-2017-22817
value: HIGH

Trust: 0.6

CNVD: CNVD-2018-03767
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-767
value: HIGH

Trust: 0.6

IVD: e3004f6f-39ab-11e9-b569-000c29342cb1
value: HIGH

Trust: 0.2

IVD: 117014c0-b059-4ede-9515-daf57ae2fdf1
value: HIGH

Trust: 0.2

IVD: e2ffb331-39ab-11e9-9c2e-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-7494
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-7494
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2017-22817
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2018-03767
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e3004f6f-39ab-11e9-b569-000c29342cb1
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 117014c0-b059-4ede-9515-daf57ae2fdf1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: e2ffb331-39ab-11e9-9c2e-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7494
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e3004f6f-39ab-11e9-b569-000c29342cb1 // IVD: 117014c0-b059-4ede-9515-daf57ae2fdf1 // IVD: e2ffb331-39ab-11e9-9c2e-000c29342cb1 // ZDI: ZDI-17-698 // CNVD: CNVD-2017-22817 // CNVD: CNVD-2018-03767 // JVNDB: JVNDB-2018-004570 // CNNVD: CNNVD-201803-767 // NVD: CVE-2018-7494

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

problemtype:CWE-121

Trust: 1.0

sources: JVNDB: JVNDB-2018-004570 // NVD: CVE-2018-7494

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-767

TYPE

Buffer error

Trust: 0.8

sources: IVD: e3004f6f-39ab-11e9-b569-000c29342cb1 // CNNVD: CNNVD-201803-767

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004570

PATCH

title: Top Page, url: http://www.deltaww.com/

Trust: 0.8

title: Delta Industrial Automation has issued an update to correct this vulnerability. This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.
02/01/17 - ZDI disclosed reports to ICS-CERT
02/07/17 - ICS-CERT provided ZDI with an ICS-VU # ICS-VU-974568
03/16/17 - ICS-CERT asked ZDI questions about reproduction
03/27/17 - ICS-CERT asked ZDI again some questions about reproduction
06/07/17 - ICS-CERT offered ZDI a pre-release patch to test
06/07/17 - ZDI replied that we cannot do the testing for the vendor
07/20/17 - ZDI sent a mail to ICS-CERT asking the status
07/26/17 - ICS-CERT advised that the vendor has a new version they believe addressed the reports (though to ZDI knowledge, no advisory was released)
08/02/17 - ZDI advised ICS-CERT that our finder indicated that the vulnerabilities are still present
08/11/17 - ZDI wrote ICS-CERT to indicate the intention to move these reports to 0-day on 8/24
Mitigation: Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.
url: https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02

Trust: 0.7

title: Delta Industrial Automation WPLSoft Stack Buffer Overflow Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/143669

Trust: 0.6

title: Patch for Delta Electronics WPLSoft Stack Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/119167

Trust: 0.6

title: Delta Electronics WPLSoft Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79353

Trust: 0.6

sources: ZDI: ZDI-17-698 // CNVD: CNVD-2017-22817 // CNVD: CNVD-2018-03767 // JVNDB: JVNDB-2018-004570 // CNNVD: CNNVD-201803-767

EXTERNAL IDS

db: NVD, id: CVE-2018-7494

Trust: 4.2

db: ICS CERT, id: ICSA-18-058-02

Trust: 3.3

db: BID, id: 103179

Trust: 1.9

db: ZDI, id: ZDI-17-698

Trust: 1.3

db: CNVD, id: CNVD-2017-22817

Trust: 1.0

db: CNVD, id: CNVD-2018-03767

Trust: 0.8

db: CNNVD, id: CNNVD-201803-767

Trust: 0.8

db: JVNDB, id: JVNDB-2018-004570

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-3917

Trust: 0.7

db: IVD, id: E3004F6F-39AB-11E9-B569-000C29342CB1

Trust: 0.2

db: IVD, id: 117014C0-B059-4EDE-9515-DAF57AE2FDF1

Trust: 0.2

db: IVD, id: E2FFB331-39AB-11E9-9C2E-000C29342CB1

Trust: 0.2

sources: IVD: e3004f6f-39ab-11e9-b569-000c29342cb1 // IVD: 117014c0-b059-4ede-9515-daf57ae2fdf1 // IVD: e2ffb331-39ab-11e9-9c2e-000c29342cb1 // ZDI: ZDI-17-698 // CNVD: CNVD-2017-22817 // CNVD: CNVD-2018-03767 // BID: 103179 // JVNDB: JVNDB-2018-004570 // CNNVD: CNNVD-201803-767 // NVD: CVE-2018-7494

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-058-02

Trust: 4.0

url:http://www.securityfocus.com/bid/103179

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7494

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7494

Trust: 0.8

url:http://www.zerodayinitiative.com/advisories/zdi-17-698/

Trust: 0.6

url:http://www.deltaww.com/

Trust: 0.3

sources: ZDI: ZDI-17-698 // CNVD: CNVD-2017-22817 // CNVD: CNVD-2018-03767 // BID: 103179 // JVNDB: JVNDB-2018-004570 // CNNVD: CNNVD-201803-767 // NVD: CVE-2018-7494

CREDITS

axt

Trust: 0.7

sources: ZDI: ZDI-17-698

SOURCES

db: IVD, id: e3004f6f-39ab-11e9-b569-000c29342cb1
db: IVD, id: 117014c0-b059-4ede-9515-daf57ae2fdf1
db: IVD, id: e2ffb331-39ab-11e9-9c2e-000c29342cb1
db: ZDI, id: ZDI-17-698
db: CNVD, id: CNVD-2017-22817
db: CNVD, id: CNVD-2018-03767
db: BID, id: 103179
db: JVNDB, id: JVNDB-2018-004570
db: CNNVD, id: CNNVD-201803-767
db: NVD, id: CVE-2018-7494

LAST UPDATE DATE

2024-08-14T13:56:01.512000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-17-698, date: 2018-03-28T00:00:00
db: CNVD, id: CNVD-2017-22817, date: 2018-11-05T00:00:00
db: CNVD, id: CNVD-2018-03767, date: 2018-11-05T00:00:00
db: BID, id: 103179, date: 2018-02-27T00:00:00
db: JVNDB, id: JVNDB-2018-004570, date: 2018-06-25T00:00:00
db: CNNVD, id: CNNVD-201803-767, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-7494, date: 2019-10-09T23:42:19.160

SOURCES RELEASE DATE

db: IVD, id: e3004f6f-39ab-11e9-b569-000c29342cb1, date: 2018-02-28T00:00:00
db: IVD, id: 117014c0-b059-4ede-9515-daf57ae2fdf1, date: 2017-08-25T00:00:00
db: IVD, id: e2ffb331-39ab-11e9-9c2e-000c29342cb1, date: 2017-08-25T00:00:00
db: ZDI, id: ZDI-17-698, date: 2017-08-24T00:00:00
db: CNVD, id: CNVD-2017-22817, date: 2017-08-25T00:00:00
db: CNVD, id: CNVD-2018-03767, date: 2018-02-28T00:00:00
db: BID, id: 103179, date: 2018-02-27T00:00:00
db: JVNDB, id: JVNDB-2018-004570, date: 2018-06-25T00:00:00
db: CNNVD, id: CNNVD-201803-767, date: 2018-03-22T00:00:00
db: NVD, id: CVE-2018-7494, date: 2018-05-04T19:29:00.237