ID

VAR-201803-0130


CVE

CVE-2017-16747


TITLE

Delta Industrial Automation Screen Editor Arbitrary code execution vulnerability

Trust: 0.8

sources: IVD: e300c49f-39ab-11e9-ba92-000c29342cb1 // CNVD: CNVD-2018-00879

DESCRIPTION

An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write outside the intended buffer area. An attacker could exploit this vulnerability to execute arbitrary code through out-of-bounds writes by supplying a specially crafted .dpb file. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities 3

Trust: 2.61

sources: NVD: CVE-2017-16747 // JVNDB: JVNDB-2017-012941 // CNVD: CNVD-2018-00879 // BID: 102426 // IVD: e300c49f-39ab-11e9-ba92-000c29342cb1

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: e300c49f-39ab-11e9-ba92-000c29342cb1 // CNVD: CNVD-2018-00879

AFFECTED PRODUCTS

vendor: deltaww
model: delta industrial automation screen editor
scope: lte
version: 2.00.23.00

Trust: 1.0

vendor: delta
model: industrial automation screen editor
scope: lte
version: 2.00.23.00

Trust: 0.8

vendor: delta
model: electronics delta industrial automation screen editor
scope: lte
version: <=2.00.23.00

Trust: 0.6

vendor: deltaww
model: delta industrial automation screen editor
scope: eq
version: 2.00.23.00

Trust: 0.6

vendor: delta
model: electronics inc delta industrial automation screen editor
scope: eq
version: 2.00.23.00

Trust: 0.3

vendor: delta industrial automation screen editor
model: -
scope: eq
version: *

Trust: 0.2

sources: IVD: e300c49f-39ab-11e9-ba92-000c29342cb1 // CNVD: CNVD-2018-00879 // BID: 102426 // JVNDB: JVNDB-2017-012941 // CNNVD: CNNVD-201801-248 // NVD: CVE-2017-16747

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16747
value: HIGH

Trust: 1.0

NVD: CVE-2017-16747
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-00879
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-248
value: HIGH

Trust: 0.6

IVD: e300c49f-39ab-11e9-ba92-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2017-16747
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-00879
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e300c49f-39ab-11e9-ba92-000c29342cb1
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-16747
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e300c49f-39ab-11e9-ba92-000c29342cb1 // CNVD: CNVD-2018-00879 // JVNDB: JVNDB-2017-012941 // CNNVD: CNNVD-201801-248 // NVD: CVE-2017-16747

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2017-012941 // NVD: CVE-2017-16747

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201801-248

TYPE

Buffer error

Trust: 0.8

sources: IVD: e300c49f-39ab-11e9-ba92-000c29342cb1 // CNNVD: CNNVD-201801-248

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012941

PATCH

title: Top Page
url: http://www.deltaww.com/

Trust: 0.8

title: Delta Industrial Automation Screen Editor patch for arbitrary code execution vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/113353

Trust: 0.6

title: Delta Industrial Automation Screen Editor Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77559

Trust: 0.6

sources: CNVD: CNVD-2018-00879 // JVNDB: JVNDB-2017-012941 // CNNVD: CNNVD-201801-248

EXTERNAL IDS

db: NVD
id: CVE-2017-16747

Trust: 3.5

db: ICS CERT
id: ICSA-18-004-01

Trust: 3.3

db: BID
id: 102426

Trust: 2.5

db: CNVD
id: CNVD-2018-00879

Trust: 0.8

db: CNNVD
id: CNNVD-201801-248

Trust: 0.8

db: JVNDB
id: JVNDB-2017-012941

Trust: 0.8

db: IVD
id: E300C49F-39AB-11E9-BA92-000C29342CB1

Trust: 0.2

sources: IVD: e300c49f-39ab-11e9-ba92-000c29342cb1 // CNVD: CNVD-2018-00879 // BID: 102426 // JVNDB: JVNDB-2017-012941 // CNNVD: CNNVD-201801-248 // NVD: CVE-2017-16747

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-18-004-01

Trust: 3.3

url: http://www.securityfocus.com/bid/102426

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16747

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-16747

Trust: 0.8

url: http://www.deltaww.com/

Trust: 0.3

sources: CNVD: CNVD-2018-00879 // BID: 102426 // JVNDB: JVNDB-2017-012941 // CNNVD: CNNVD-201801-248 // NVD: CVE-2017-16747

CREDITS

Steven Seeley.

Trust: 0.9

sources: BID: 102426 // CNNVD: CNNVD-201801-248

SOURCES

db: IVD, id: e300c49f-39ab-11e9-ba92-000c29342cb1
db: CNVD, id: CNVD-2018-00879
db: BID, id: 102426
db: JVNDB, id: JVNDB-2017-012941
db: CNNVD, id: CNNVD-201801-248
db: NVD, id: CVE-2017-16747

LAST UPDATE DATE

2024-11-23T22:00:40.454000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-00879, date: 2018-11-05T00:00:00
db: BID, id: 102426, date: 2018-01-04T00:00:00
db: JVNDB, id: JVNDB-2017-012941, date: 2018-05-02T00:00:00
db: CNNVD, id: CNNVD-201801-248, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-16747, date: 2024-11-21T03:16:53.557

SOURCES RELEASE DATE

db: IVD, id: e300c49f-39ab-11e9-ba92-000c29342cb1, date: 2018-01-15T00:00:00
db: CNVD, id: CNVD-2018-00879, date: 2018-01-15T00:00:00
db: BID, id: 102426, date: 2018-01-04T00:00:00
db: JVNDB, id: JVNDB-2017-012941, date: 2018-05-02T00:00:00
db: CNNVD, id: CNNVD-201801-248, date: 2018-01-08T00:00:00
db: NVD, id: CVE-2017-16747, date: 2018-03-15T23:29:00.313