cve/2018/CVE-2018-10594.md

### [CVE-2018-10594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10594)
![](https://img.shields.io/static/v1?label=Product&message=Delta%20Industrial%20Automation%20COMMGR%20and%20accompanying%20PLC%20Simulators%20(DVPSimulator%20EH2%2C%20EH3%2C%20ES2%2C%20SE%2C%20SS2%20and%20AHSIM_5x0%2C%20AHSIM_5x1)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=STACK-BASED%20BUFFER%20OVERFLOW%20CWE-121&color=brighgreen)

### Description

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.

### POC

#### Reference
- https://www.exploit-db.com/exploits/44965/
- https://www.exploit-db.com/exploits/45574/

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-10594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10594)`
			`![](https://img.shields.io/static/v1?label=Product&message=Delta%20Industrial%20Automation%20COMMGR%20and%20accompanying%20PLC%20Simulators%20(DVPSimulator%20EH2%2C%20EH3%2C%20ES2%2C%20SE%2C%20SS2%20and%20AHSIM_5x0%2C%20AHSIM_5x1)&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=STACK-BASED%20BUFFER%20OVERFLOW%20CWE-121&color=brighgreen)`

			`### Description`

			`Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.`

			`### POC`

			`#### Reference`
			`- https://www.exploit-db.com/exploits/44965/`
			`- https://www.exploit-db.com/exploits/45574/`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`