Sign-up

ID

VAR-201803-2206


CVE

CVE-2018-7511


TITLE

Eaton ELCSoft Arbitrary code execution vulnerability

Trust: 0.8

sources: IVD: e2e54d61-39ab-11e9-86d3-000c29342cb1 // CNVD: CNVD-2018-04779

DESCRIPTION

In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. Eaton ELCSoft Contains buffer error vulnerabilities and input validation vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Eaton ELCSoft is a programmable logic control software that runs on a PC to help configure the ELC controller. There are arbitrary code execution vulnerabilities in Eaton ELCSoft 2.04.02 and earlier. Eaton ELCSoft Programming Software is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploits will result in denial-of-service condition. Eaton ELCSoft Versions 2.04.02 and prior are vulnerable

Trust: 2.61

sources: NVD: CVE-2018-7511 // JVNDB: JVNDB-2018-003319 // CNVD: CNVD-2018-04779 // BID: 103301 // IVD: e2e54d61-39ab-11e9-86d3-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2e54d61-39ab-11e9-86d3-000c29342cb1 // CNVD: CNVD-2018-04779

AFFECTED PRODUCTS

vendor:eatonmodel:elcsoftscope:ltversion:2.04.02

Trust: 1.0

vendor:eatonmodel:elcsoftscope:eqversion:2.4.01

Trust: 0.9

vendor:eatonmodel:elcsoftscope:lteversion:<=2.04.02

Trust: 0.8

vendor:eatonmodel:elcsoftscope:lteversion:2.04.02

Trust: 0.8

vendor:eatonmodel:elcsoftscope:eqversion:2.4.2

Trust: 0.3

sources: IVD: e2e54d61-39ab-11e9-86d3-000c29342cb1 // CNVD: CNVD-2018-04779 // BID: 103301 // JVNDB: JVNDB-2018-003319 // CNNVD: CNNVD-201803-709 // NVD: CVE-2018-7511

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7511
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7511
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-04779
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-709
value: MEDIUM

Trust: 0.6

IVD: e2e54d61-39ab-11e9-86d3-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-7511
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-04779
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e54d61-39ab-11e9-86d3-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7511
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: IVD: e2e54d61-39ab-11e9-86d3-000c29342cb1 // CNVD: CNVD-2018-04779 // JVNDB: JVNDB-2018-003319 // CNNVD: CNNVD-201803-709 // NVD: CVE-2018-7511

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2018-003319 // NVD: CVE-2018-7511

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-709

TYPE

Input validation error

Trust: 0.8

sources: IVD: e2e54d61-39ab-11e9-86d3-000c29342cb1 // CNNVD: CNNVD-201803-709

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003319

PATCH
title:Security Update for ELCSoft Programming Softwareurl:http://www.eaton.com/ecm/idcplg?IdcService=GET_FILE&allowInterrupt=1&RevisionSelectionMethod=LatestReleased&noSaveAs=0&Rendition=Primary&dDocName=PCT_3313148
Trust: 0.8
title:Patch of Eaton ELCSoft arbitrary code execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/120823
Trust: 0.6
title:Eaton ELCSoft Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79310
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-04779 // 
            
            
            
            JVNDB: JVNDB-2018-003319 // 
            
            
            
            CNNVD: CNNVD-201803-709

EXTERNAL IDS
db:NVDid:CVE-2018-7511
Trust: 3.5
db:ICS CERTid:ICSA-18-065-03
Trust: 3.3
db:BIDid:103301
Trust: 1.9
db:CNVDid:CNVD-2018-04779
Trust: 0.8
db:CNNVDid:CNNVD-201803-709
Trust: 0.8
db:JVNDBid:JVNDB-2018-003319
Trust: 0.8
db:IVDid:E2E54D61-39AB-11E9-86D3-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2e54d61-39ab-11e9-86d3-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-04779 // 
            
            
            
            BID: 103301 // 
            
            
            
            JVNDB: JVNDB-2018-003319 // 
            
            
            
            CNNVD: CNNVD-201803-709 // 
            
            
            
            NVD: CVE-2018-7511

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-065-03
Trust: 3.3
url:http://www.eaton.com/ecm/idcplg?idcservice=get_file&allowinterrupt=1&revisionselectionmethod=latestreleased&nosaveas=0&rendition=primary&ddocname=pct_3313148
Trust: 1.6
url:http://www.securityfocus.com/bid/103301
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7511
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7511
Trust: 0.8
url:http://www.eaton.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-04779 // 
            
            
            
            BID: 103301 // 
            
            
            
            JVNDB: JVNDB-2018-003319 // 
            
            
            
            CNNVD: CNNVD-201803-709 // 
            
            
            
            NVD: CVE-2018-7511

CREDITS
Ariele Caltabiano (kimiya) and axt working with Trend Micro's Zero Day Initiative
Trust: 0.3
sources:
            
            
            BID: 103301

SOURCES
db:IVDid:e2e54d61-39ab-11e9-86d3-000c29342cb1
db:CNVDid:CNVD-2018-04779
db:BIDid:103301
db:JVNDBid:JVNDB-2018-003319
db:CNNVDid:CNNVD-201803-709
db:NVDid:CVE-2018-7511

LAST UPDATE DATE
2024-11-23T22:17:36.674000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-04779date:2018-03-09T00:00:00
db:BIDid:103301date:2018-03-06T00:00:00
db:JVNDBid:JVNDB-2018-003319date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-709date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7511date:2024-11-21T04:12:16.317

SOURCES RELEASE DATE
db:IVDid:e2e54d61-39ab-11e9-86d3-000c29342cb1date:2018-03-09T00:00:00
db:CNVDid:CNVD-2018-04779date:2018-03-09T00:00:00
db:BIDid:103301date:2018-03-06T00:00:00
db:JVNDBid:JVNDB-2018-003319date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-709date:2018-03-21T00:00:00
db:NVDid:CVE-2018-7511date:2018-03-20T16:29:00.483