ID

VAR-201803-0129


CVE

CVE-2017-16745


TITLE

Delta Industrial Automation Screen Editor Type Confusion Vulnerability

Trust: 0.8

sources: IVD: e300c49e-39ab-11e9-9b1e-000c29342cb1 // CNVD: CNVD-2018-00878

DESCRIPTION

A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities 3

Trust: 2.61

sources: NVD: CVE-2017-16745 // JVNDB: JVNDB-2017-012940 // CNVD: CNVD-2018-00878 // BID: 102426 // IVD: e300c49e-39ab-11e9-9b1e-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e300c49e-39ab-11e9-9b1e-000c29342cb1 // CNVD: CNVD-2018-00878

AFFECTED PRODUCTS

vendor: deltaww, model: delta industrial automation screen editor, scope: lte, version: 2.00.23.00

Trust: 1.0

vendor: delta, model: industrial automation screen editor, scope: lte, version: 2.00.23.00

Trust: 0.8

vendor: delta, model: electronics delta industrial automation screen editor, scope: lte, version: <=2.00.23.00

Trust: 0.6

vendor: deltaww, model: delta industrial automation screen editor, scope: eq, version: 2.00.23.00

Trust: 0.6

vendor: delta, model: electronics inc delta industrial automation screen editor, scope: eq, version: 2.00.23.00

Trust: 0.3

vendor: delta industrial automation screen editor, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e300c49e-39ab-11e9-9b1e-000c29342cb1 // CNVD: CNVD-2018-00878 // BID: 102426 // JVNDB: JVNDB-2017-012940 // CNNVD: CNNVD-201801-249 // NVD: CVE-2017-16745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16745
value: HIGH

Trust: 1.0

NVD: CVE-2017-16745
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-00878
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-249
value: HIGH

Trust: 0.6

IVD: e300c49e-39ab-11e9-9b1e-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2017-16745
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-00878
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e300c49e-39ab-11e9-9b1e-000c29342cb1
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-16745
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e300c49e-39ab-11e9-9b1e-000c29342cb1 // CNVD: CNVD-2018-00878 // JVNDB: JVNDB-2017-012940 // CNNVD: CNNVD-201801-249 // NVD: CVE-2017-16745

PROBLEMTYPE DATA

problemtype:CWE-704

Trust: 1.8

problemtype:CWE-843

Trust: 1.0

sources: JVNDB: JVNDB-2017-012940 // NVD: CVE-2017-16745

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201801-249

TYPE

Code problem

Trust: 0.8

sources: IVD: e300c49e-39ab-11e9-9b1e-000c29342cb1 // CNNVD: CNNVD-201801-249

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012940

PATCH

title: Top Page, url: http://www.deltaww.com/

Trust: 0.8

title: Delta Industrial Automation Screen Editor Type Patch for Vulnerability Vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/113355

Trust: 0.6

title: Delta Industrial Automation Screen Editor Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77560

Trust: 0.6

sources: CNVD: CNVD-2018-00878 // JVNDB: JVNDB-2017-012940 // CNNVD: CNNVD-201801-249

EXTERNAL IDS

db: NVD, id: CVE-2017-16745

Trust: 3.5

db: ICS CERT, id: ICSA-18-004-01

Trust: 3.3

db: BID, id: 102426

Trust: 2.5

db: CNVD, id: CNVD-2018-00878

Trust: 0.8

db: CNNVD, id: CNNVD-201801-249

Trust: 0.8

db: JVNDB, id: JVNDB-2017-012940

Trust: 0.8

db: IVD, id: E300C49E-39AB-11E9-9B1E-000C29342CB1

Trust: 0.2

sources: IVD: e300c49e-39ab-11e9-9b1e-000c29342cb1 // CNVD: CNVD-2018-00878 // BID: 102426 // JVNDB: JVNDB-2017-012940 // CNNVD: CNNVD-201801-249 // NVD: CVE-2017-16745

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-18-004-01

Trust: 3.3

url: http://www.securityfocus.com/bid/102426

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16745

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-16745

Trust: 0.8

url: http://www.deltaww.com/

Trust: 0.3

sources: CNVD: CNVD-2018-00878 // BID: 102426 // JVNDB: JVNDB-2017-012940 // CNNVD: CNNVD-201801-249 // NVD: CVE-2017-16745

CREDITS

Steven Seeley.

Trust: 0.9

sources: BID: 102426 // CNNVD: CNNVD-201801-249

SOURCES

db: IVD, id: e300c49e-39ab-11e9-9b1e-000c29342cb1
db: CNVD, id: CNVD-2018-00878
db: BID, id: 102426
db: JVNDB, id: JVNDB-2017-012940
db: CNNVD, id: CNNVD-201801-249
db: NVD, id: CVE-2017-16745

LAST UPDATE DATE

2024-11-23T22:00:40.563000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-00878, date: 2018-11-05T00:00:00
db: BID, id: 102426, date: 2018-01-04T00:00:00
db: JVNDB, id: JVNDB-2017-012940, date: 2018-05-02T00:00:00
db: CNNVD, id: CNNVD-201801-249, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-16745, date: 2024-11-21T03:16:53.443

SOURCES RELEASE DATE

db: IVD, id: e300c49e-39ab-11e9-9b1e-000c29342cb1, date: 2018-01-15T00:00:00
db: CNVD, id: CNVD-2018-00878, date: 2018-01-15T00:00:00
db: BID, id: 102426, date: 2018-01-04T00:00:00
db: JVNDB, id: JVNDB-2017-012940, date: 2018-05-02T00:00:00
db: CNNVD, id: CNNVD-201801-249, date: 2018-01-08T00:00:00
db: NVD, id: CVE-2017-16745, date: 2018-03-15T23:29:00.253