QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-10594

Back to search

CVE-2018-10594

Published: Jun 26, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.

VendorProductVersions

ICS-CERT

Delta Industrial Automation COMMGR and accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1)

affected
Version 1.08 and prior

Weaknesses (CWE)

CWE-121

References

104529
vdb-entry
x_refsource_BID
44965
exploit
x_refsource_EXPLOIT-DB
45574
exploit
x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now