Details of VAR-201806-0554

ID

VAR-201806-0554

CVE

CVE-2018-10594

TITLE

Delta Industrial Automation COMMGR Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-006826 // CNNVD: CNNVD-201806-1170

DESCRIPTION

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server. Delta Industrial Automation COMMGR Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP packets sent to COMMGR. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the COMMGR process. Delta Industrial Automation COMMGR is a communications management software from Delta Electronics. Failed exploit attempts will likely cause a denial-of-service condition. Industrial Automation COMMGR 1.08 and prior are vulnerable

Trust: 5.13

sources: NVD: CVE-2018-10594 // JVNDB: JVNDB-2018-006826 // ZDI: ZDI-18-587 // ZDI: ZDI-18-586 // ZDI: ZDI-18-588 // ZDI: ZDI-18-585 // CNVD: CNVD-2018-12128 // BID: 104529 // IVD: e2ff3e01-39ab-11e9-a6a4-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2ff3e01-39ab-11e9-a6a4-000c29342cb1 // CNVD: CNVD-2018-12128

AFFECTED PRODUCTS

vendor:	delta industrial automation	model:	commgr	scope:	-	version:	-	Trust: 2.8
vendor:	deltaww	model:	commgr	scope:	lte	version:	1.08	Trust: 1.0
vendor:	delta	model:	commgr	scope:	lte	version:	1.08	Trust: 0.8
vendor:	delta	model:	electronics delta industrial automation commgr	scope:	lte	version:	<=1.08	Trust: 0.6
vendor:	delta	model:	electronics delta industrial automation commgr ahsim 5x0	scope:	-	version:	-	Trust: 0.6
vendor:	delta	model:	electronics delta industrial automation commgr ahsim 5x1	scope:	-	version:	-	Trust: 0.6
vendor:	delta	model:	electronics delta industrial automation commgr dvpsimulator eh2	scope:	-	version:	-	Trust: 0.6
vendor:	delta	model:	electronics delta industrial automation commgr dvpsimulator eh3	scope:	-	version:	-	Trust: 0.6
vendor:	delta	model:	electronics delta industrial automation commgr dvpsimulator es2	scope:	-	version:	-	Trust: 0.6
vendor:	delta	model:	electronics delta industrial automation commgr dvpsimulator se	scope:	-	version:	-	Trust: 0.6
vendor:	delta	model:	electronics delta industrial automation commgr dvpsimulator ss2	scope:	-	version:	-	Trust: 0.6
vendor:	deltaww	model:	commgr	scope:	eq	version:	1.08	Trust: 0.6
vendor:	delta	model:	electronics inc industrial automation commgr	scope:	eq	version:	1.08	Trust: 0.3
vendor:	delta	model:	electronics inc dvpsimulator ss2	scope:	eq	version:	0	Trust: 0.3
vendor:	delta	model:	electronics inc dvpsimulator se	scope:	eq	version:	0	Trust: 0.3
vendor:	delta	model:	electronics inc dvpsimulator es2	scope:	eq	version:	0	Trust: 0.3
vendor:	delta	model:	electronics inc dvpsimulator eh3	scope:	eq	version:	0	Trust: 0.3
vendor:	delta	model:	electronics inc dvpsimulator eh2	scope:	eq	version:	0	Trust: 0.3
vendor:	delta	model:	electronics inc ahsim	scope:	eq	version:	5x1	Trust: 0.3
vendor:	delta	model:	electronics inc ahsim	scope:	eq	version:	5x0	Trust: 0.3
vendor:	delta	model:	electronics inc industrial automation commgr	scope:	ne	version:	1.09	Trust: 0.3
vendor:	commgr	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2ff3e01-39ab-11e9-a6a4-000c29342cb1 // ZDI: ZDI-18-587 // ZDI: ZDI-18-586 // ZDI: ZDI-18-588 // ZDI: ZDI-18-585 // CNVD: CNVD-2018-12128 // BID: 104529 // JVNDB: JVNDB-2018-006826 // CNNVD: CNNVD-201806-1170 // NVD: CVE-2018-10594

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-10594
value:	HIGH
Trust: 2.8
nvd@nist.gov:	CVE-2018-10594
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-10594
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-12128
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201806-1170
value:	CRITICAL
Trust: 0.6
IVD:	e2ff3e01-39ab-11e9-a6a4-000c29342cb1
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2018-10594
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 4.6
CNVD:	CNVD-2018-12128
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ff3e01-39ab-11e9-a6a4-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-10594
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2ff3e01-39ab-11e9-a6a4-000c29342cb1 // ZDI: ZDI-18-587 // ZDI: ZDI-18-586 // ZDI: ZDI-18-588 // ZDI: ZDI-18-585 // CNVD: CNVD-2018-12128 // JVNDB: JVNDB-2018-006826 // CNNVD: CNNVD-201806-1170 // NVD: CVE-2018-10594

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	CWE-121	Trust: 1.0

sources: JVNDB: JVNDB-2018-006826 // NVD: CVE-2018-10594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1170

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2ff3e01-39ab-11e9-a6a4-000c29342cb1 // CNNVD: CNNVD-201806-1170

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006826

PATCH

title:	Delta Industrial Automation has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01	Trust: 2.8
title:	Top Page	url:	http://www.deltaww.com/	Trust: 0.8
title:	Patch for Delta Electronics Delta Industrial Automation COMMGR Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/132857	Trust: 0.6
title:	Delta Industrial Automation COMMGR Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81478	Trust: 0.6

sources: ZDI: ZDI-18-587 // ZDI: ZDI-18-586 // ZDI: ZDI-18-588 // ZDI: ZDI-18-585 // CNVD: CNVD-2018-12128 // JVNDB: JVNDB-2018-006826 // CNNVD: CNNVD-201806-1170

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10594	Trust: 6.3
db:	ICS CERT	id:	ICSA-18-172-01	Trust: 2.7
db:	BID	id:	104529	Trust: 2.5
db:	EXPLOIT-DB	id:	44965	Trust: 1.6
db:	EXPLOIT-DB	id:	45574	Trust: 1.6
db:	CNVD	id:	CNVD-2018-12128	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-1170	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-006826	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5668	Trust: 0.7
db:	ZDI	id:	ZDI-18-587	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5666	Trust: 0.7
db:	ZDI	id:	ZDI-18-586	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5667	Trust: 0.7
db:	ZDI	id:	ZDI-18-588	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5665	Trust: 0.7
db:	ZDI	id:	ZDI-18-585	Trust: 0.7
db:	IVD	id:	E2FF3E01-39AB-11E9-A6A4-000C29342CB1	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-172-01	Trust: 5.5
url:	http://www.securityfocus.com/bid/104529	Trust: 2.8
url:	https://www.exploit-db.com/exploits/45574/	Trust: 1.6
url:	https://www.exploit-db.com/exploits/44965/	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10594	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10594	Trust: 0.8
url:	http://www.deltaww.com/	Trust: 0.3

sources: ZDI: ZDI-18-587 // ZDI: ZDI-18-586 // ZDI: ZDI-18-588 // ZDI: ZDI-18-585 // CNVD: CNVD-2018-12128 // BID: 104529 // JVNDB: JVNDB-2018-006826 // CNNVD: CNNVD-201806-1170 // NVD: CVE-2018-10594

CREDITS

Anonymous

Trust: 2.8

sources: ZDI: ZDI-18-587 // ZDI: ZDI-18-586 // ZDI: ZDI-18-588 // ZDI: ZDI-18-585

SOURCES

db:	IVD	id:	e2ff3e01-39ab-11e9-a6a4-000c29342cb1
db:	ZDI	id:	ZDI-18-587
db:	ZDI	id:	ZDI-18-586
db:	ZDI	id:	ZDI-18-588
db:	ZDI	id:	ZDI-18-585
db:	CNVD	id:	CNVD-2018-12128
db:	BID	id:	104529
db:	JVNDB	id:	JVNDB-2018-006826
db:	CNNVD	id:	CNNVD-201806-1170
db:	NVD	id:	CVE-2018-10594

LAST UPDATE DATE

2024-11-23T23:05:06.011000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-587	date:	2018-06-26T00:00:00
db:	ZDI	id:	ZDI-18-586	date:	2018-06-26T00:00:00
db:	ZDI	id:	ZDI-18-588	date:	2018-06-26T00:00:00
db:	ZDI	id:	ZDI-18-585	date:	2018-06-26T00:00:00
db:	CNVD	id:	CNVD-2018-12128	date:	2018-11-05T00:00:00
db:	BID	id:	104529	date:	2018-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-006826	date:	2018-08-31T00:00:00
db:	CNNVD	id:	CNNVD-201806-1170	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-10594	date:	2024-11-21T03:41:37.600

SOURCES RELEASE DATE

db:	IVD	id:	e2ff3e01-39ab-11e9-a6a4-000c29342cb1	date:	2018-06-27T00:00:00
db:	ZDI	id:	ZDI-18-587	date:	2018-06-26T00:00:00
db:	ZDI	id:	ZDI-18-586	date:	2018-06-26T00:00:00
db:	ZDI	id:	ZDI-18-588	date:	2018-06-26T00:00:00
db:	ZDI	id:	ZDI-18-585	date:	2018-06-26T00:00:00
db:	CNVD	id:	CNVD-2018-12128	date:	2018-06-27T00:00:00
db:	BID	id:	104529	date:	2018-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-006826	date:	2018-08-31T00:00:00
db:	CNNVD	id:	CNNVD-201806-1170	date:	2018-06-26T00:00:00
db:	NVD	id:	CVE-2018-10594	date:	2018-06-26T20:29:00.227