Sign-up

ID

VAR-201804-1572


CVE

CVE-2018-8839


TITLE

Delta PMSoft Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-004980 // CNNVD: CNNVD-201805-040

DESCRIPTION

Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version. Delta PMSoft Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PMSoft is a Shareware software in the category Miscellaneous developed by DELTA ELECTRONICS,INC. Delta Electronics PMSoft is prone to multiple stack-based buffer-overflow vulnerabilities. Failed exploit attempts will likely cause denial-of-service conditions. Delta Electronics PMSoft version 2.10 and prior versions are vulnerable. Delta PMSoft is a set of programmable logic controller programming software from Delta Electronics

Trust: 2.79

sources: NVD: CVE-2018-8839 // JVNDB: JVNDB-2018-004980 // CNVD: CNVD-2018-08899 // BID: 104013 // IVD: e2ff16f2-39ab-11e9-bc34-000c29342cb1 // VULHUB: VHN-138871 // VULMON: CVE-2018-8839

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2ff16f2-39ab-11e9-bc34-000c29342cb1 // CNVD: CNVD-2018-08899

AFFECTED PRODUCTS

vendor:deltawwmodel:pmsoftscope:lteversion:2.10

Trust: 1.0

vendor:deltamodel:pmsoftscope:lteversion:2.10

Trust: 0.8

vendor:deltamodel:electronics pmsoftscope:lteversion:<=2.10

Trust: 0.6

vendor:deltamodel:pmsoftscope:eqversion:2.10

Trust: 0.6

vendor:deltamodel:electronics inc pmsoftscope:eqversion:2.10

Trust: 0.3

vendor:deltamodel:electronics inc pmsoftscope:neversion:2.11

Trust: 0.3

vendor:pmsoftmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2ff16f2-39ab-11e9-bc34-000c29342cb1 // CNVD: CNVD-2018-08899 // BID: 104013 // JVNDB: JVNDB-2018-004980 // CNNVD: CNNVD-201805-040 // NVD: CVE-2018-8839

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8839
value: HIGH

Trust: 1.0

NVD: CVE-2018-8839
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-08899
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-040
value: HIGH

Trust: 0.6

IVD: e2ff16f2-39ab-11e9-bc34-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-138871
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-8839
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-8839
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-08899
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2ff16f2-39ab-11e9-bc34-000c29342cb1
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-138871
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8839
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-8839
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2ff16f2-39ab-11e9-bc34-000c29342cb1 // CNVD: CNVD-2018-08899 // VULHUB: VHN-138871 // VULMON: CVE-2018-8839 // JVNDB: JVNDB-2018-004980 // CNNVD: CNNVD-201805-040 // NVD: CVE-2018-8839

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-138871 // JVNDB: JVNDB-2018-004980 // NVD: CVE-2018-8839

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201805-040

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2ff16f2-39ab-11e9-bc34-000c29342cb1 // CNNVD: CNNVD-201805-040

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004980

PATCH
title:Top Pageurl:http://www.deltaww.com/
Trust: 0.8
title:Patch for Delta PMSoft Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/128119
Trust: 0.6
title:Delta PMSoft Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79783
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08899 // 
            
            
            
            JVNDB: JVNDB-2018-004980 // 
            
            
            
            CNNVD: CNNVD-201805-040

EXTERNAL IDS
db:NVDid:CVE-2018-8839
Trust: 3.7
db:ICS CERTid:ICSA-18-116-01
Trust: 3.5
db:BIDid:104013
Trust: 2.1
db:CNVDid:CNVD-2018-08899
Trust: 0.8
db:CNNVDid:CNNVD-201805-040
Trust: 0.8
db:JVNDBid:JVNDB-2018-004980
Trust: 0.8
db:IVDid:E2FF16F2-39AB-11E9-BC34-000C29342CB1
Trust: 0.2
db:SEEBUGid:SSVID-98967
Trust: 0.1
db:VULHUBid:VHN-138871
Trust: 0.1
db:VULMONid:CVE-2018-8839
Trust: 0.1
sources:
            
            
            IVD: e2ff16f2-39ab-11e9-bc34-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-08899 // 
            
            
            
            VULHUB: VHN-138871 // 
            
            
            
            VULMON: CVE-2018-8839 // 
            
            
            
            BID: 104013 // 
            
            
            
            JVNDB: JVNDB-2018-004980 // 
            
            
            
            CNNVD: CNNVD-201805-040 // 
            
            
            
            NVD: CVE-2018-8839

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-116-01
Trust: 3.6
url:http://www.securityfocus.com/bid/104013
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8839
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-8839
Trust: 0.8
url:http://www.deltaww.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08899 // 
            
            
            
            VULHUB: VHN-138871 // 
            
            
            
            VULMON: CVE-2018-8839 // 
            
            
            
            BID: 104013 // 
            
            
            
            JVNDB: JVNDB-2018-004980 // 
            
            
            
            CNNVD: CNNVD-201805-040 // 
            
            
            
            NVD: CVE-2018-8839

CREDITS
Ghirmay Desta, working with Trend Micro??s Zero Day Initiative
Trust: 0.3
sources:
            
            
            BID: 104013

SOURCES
db:IVDid:e2ff16f2-39ab-11e9-bc34-000c29342cb1
db:CNVDid:CNVD-2018-08899
db:VULHUBid:VHN-138871
db:VULMONid:CVE-2018-8839
db:BIDid:104013
db:JVNDBid:JVNDB-2018-004980
db:CNNVDid:CNNVD-201805-040
db:NVDid:CVE-2018-8839

LAST UPDATE DATE
2024-11-23T23:08:44.309000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08899date:2018-11-05T00:00:00
db:VULHUBid:VHN-138871date:2020-09-29T00:00:00
db:VULMONid:CVE-2018-8839date:2020-09-29T00:00:00
db:BIDid:104013date:2018-04-26T00:00:00
db:JVNDBid:JVNDB-2018-004980date:2018-07-03T00:00:00
db:CNNVDid:CNNVD-201805-040date:2020-09-30T00:00:00
db:NVDid:CVE-2018-8839date:2024-11-21T04:14:25.540

SOURCES RELEASE DATE
db:IVDid:e2ff16f2-39ab-11e9-bc34-000c29342cb1date:2018-05-04T00:00:00
db:CNVDid:CNVD-2018-08899date:2018-05-04T00:00:00
db:VULHUBid:VHN-138871date:2018-04-30T00:00:00
db:VULMONid:CVE-2018-8839date:2018-04-30T00:00:00
db:BIDid:104013date:2018-04-26T00:00:00
db:JVNDBid:JVNDB-2018-004980date:2018-07-03T00:00:00
db:CNNVDid:CNNVD-201805-040date:2018-04-30T00:00:00
db:NVDid:CVE-2018-8839date:2018-04-30T15:29:00.350