{ "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-06-21T00:00:00", "ID": "CVE-2018-10594", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Delta Industrial Automation COMMGR and accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1)", "version": { "version_data": [ { "version_value": "Version 1.08 and prior" } ] } } ] }, "vendor_name": "ICS-CERT" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "104529", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104529" }, { "name": "44965", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44965/" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01" }, { "name": "45574", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45574/" } ] } }