nvd-json-data-feeds/CVE-2017/CVE-2017-167xx/CVE-2017-16745.json

{
  "id": "CVE-2017-16745",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2018-03-15T23:29:00.253",
  "lastModified": "2019-10-09T23:25:16.863",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto una vulnerabilidad de confusi\u00f3n de tipos en Delta Industrial Automation Screen Editor de Delta Electronics en las versiones 2.00.23.00 y anteriores. Un acceso de recurso que utiliza una vulnerabilidad de tipo incompatible (confusi\u00f3n de tipos) podr\u00eda permitir que un atacante ejecute c\u00f3digo remotamente cuando se procesan archivos .dpb especialmente manipulados."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-704"
        }
      ]
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:deltaww:delta_industrial_automation_screen_editor:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2.00.23.00",
              "matchCriteriaId": "1FE7B554-B7E3-4864-80E7-D49678FEBCC6"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/102426",
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01",
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    }
  ]
}