ID

VAR-201708-1566


TITLE

(0Day) Delta Industrial Automation PMSoft Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-17-706

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation PMSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within parsing of information for a TTreeView object in a ppm project file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is an industrial automation vendor of power management and cooling solutions worldwide. WPLSoft and PMSoft are Delta's PLC programming software. The length of the data provided by the user is not verified.

Trust: 1.53

sources: ZDI: ZDI-17-706 // CNVD: CNVD-2017-22825 // IVD: af6d17dc-4489-4c06-b9a8-ca9ea7b79486 // IVD: 7d803930-463f-11e9-a709-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: af6d17dc-4489-4c06-b9a8-ca9ea7b79486 // IVD: 7d803930-463f-11e9-a709-000c29342cb1 // CNVD: CNVD-2017-22825

AFFECTED PRODUCTS

vendor: delta industrial automation, model: pmsoft, scope: -, version: -

Trust: 0.7

vendor: delta, model: industrial automation pmsoft, scope: -, version: -

Trust: 0.6

vendor: delta, model: industrial automation pmsoft, scope: eq, version: *

Trust: 0.4

sources: IVD: af6d17dc-4489-4c06-b9a8-ca9ea7b79486 // IVD: 7d803930-463f-11e9-a709-000c29342cb1 // ZDI: ZDI-17-706 // CNVD: CNVD-2017-22825

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: ZDI-17-706
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2017-22825
value: MEDIUM

Trust: 0.6

IVD: af6d17dc-4489-4c06-b9a8-ca9ea7b79486
value: MEDIUM

Trust: 0.2

IVD: 7d803930-463f-11e9-a709-000c29342cb1
value: MEDIUM

Trust: 0.2

ZDI: ZDI-17-706
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2017-22825
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: af6d17dc-4489-4c06-b9a8-ca9ea7b79486
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d803930-463f-11e9-a709-000c29342cb1
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: af6d17dc-4489-4c06-b9a8-ca9ea7b79486 // IVD: 7d803930-463f-11e9-a709-000c29342cb1 // ZDI: ZDI-17-706 // CNVD: CNVD-2017-22825

TYPE

Buffer overflow

Trust: 0.4

sources: IVD: af6d17dc-4489-4c06-b9a8-ca9ea7b79486 // IVD: 7d803930-463f-11e9-a709-000c29342cb1

PATCH

title: Patch for Delta Industrial Automation PMSoft Stack Buffer Overflow Vulnerability (CNVD-2017-228255), url: https://www.cnvd.org.cn/patchinfo/show/146901

Trust: 0.6

sources: CNVD: CNVD-2017-22825

EXTERNAL IDS

db: ZDI, id: ZDI-17-706

Trust: 1.3

db: CNVD, id: CNVD-2017-22825

Trust: 1.0

db: ZDI_CAN, id: ZDI-CAN-4045

Trust: 0.7

db: IVD, id: AF6D17DC-4489-4C06-B9A8-CA9EA7B79486

Trust: 0.2

db: IVD, id: 7D803930-463F-11E9-A709-000C29342CB1

Trust: 0.2

sources: IVD: af6d17dc-4489-4c06-b9a8-ca9ea7b79486 // IVD: 7d803930-463f-11e9-a709-000c29342cb1 // ZDI: ZDI-17-706 // CNVD: CNVD-2017-22825

REFERENCES

url: http://www.zerodayinitiative.com/advisories/zdi-17-706/

Trust: 0.6

sources: CNVD: CNVD-2017-22825

CREDITS

Ghirmay Desta

Trust: 0.7

sources: ZDI: ZDI-17-706

SOURCES

db: IVD, id: af6d17dc-4489-4c06-b9a8-ca9ea7b79486
db: IVD, id: 7d803930-463f-11e9-a709-000c29342cb1
db: ZDI, id: ZDI-17-706
db: CNVD, id: CNVD-2017-22825

LAST UPDATE DATE

2022-05-17T02:08:57.674000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-17-706, date: 2017-08-24T00:00:00
db: CNVD, id: CNVD-2017-22825, date: 2018-12-12T00:00:00

SOURCES RELEASE DATE

db: IVD, id: af6d17dc-4489-4c06-b9a8-ca9ea7b79486, date: 2017-08-25T00:00:00
db: IVD, id: 7d803930-463f-11e9-a709-000c29342cb1, date: 2017-08-25T00:00:00
db: ZDI, id: ZDI-17-706, date: 2017-08-24T00:00:00
db: CNVD, id: CNVD-2017-22825, date: 2017-08-25T00:00:00