ID

VAR-201806-1813


TITLE

Eaton ELCSoft Programming Software has multiple buffer overflow vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2018-11443

DESCRIPTION

Eaton ELCSoft Programming Software is a suite of software for configuring programmable logic controllers. It has multiple buffer overflow vulnerabilities that stem from a failure to perform sufficient boundary checking before copying user data into undersized buffers. An attacker can exploit these vulnerabilities to execute arbitrary code in an affected application environment, and a failed attack can result in a denial of service.

Trust: 0.99

sources: CNVD: CNVD-2018-11443 // BID: 100144 // IVD: e2f37e30-39ab-11e9-bf2d-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2f37e30-39ab-11e9-bf2d-000c29342cb1 // CNVD: CNVD-2018-11443

AFFECTED PRODUCTS

vendor: eaton, model: elcsoft, scope: eq, version: 0

Trust: 1.1

sources: IVD: e2f37e30-39ab-11e9-bf2d-000c29342cb1 // CNVD: CNVD-2018-11443 // BID: 100144

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-11443
value: HIGH

Trust: 0.6

IVD: e2f37e30-39ab-11e9-bf2d-000c29342cb1
value: HIGH

Trust: 0.2

CNVD: CNVD-2018-11443
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f37e30-39ab-11e9-bf2d-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2f37e30-39ab-11e9-bf2d-000c29342cb1 // CNVD: CNVD-2018-11443

THREAT TYPE

network

Trust: 0.3

sources: BID: 100144

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 100144

EXTERNAL IDS

db: BID, id: 100144

Trust: 0.9

db: CNVD, id: CNVD-2018-11443

Trust: 0.8

db: ICS CERT ALERT, id: ICS-ALERT-17-216-01

Trust: 0.3

db: IVD, id: E2F37E30-39AB-11E9-BF2D-000C29342CB1

Trust: 0.2

sources: IVD: e2f37e30-39ab-11e9-bf2d-000c29342cb1 // CNVD: CNVD-2018-11443 // BID: 100144

REFERENCES

url: http://www.securityfocus.com/bid/100144

Trust: 0.6

url: http://www.eaton.com/

Trust: 0.3

url: https://ics-cert.us-cert.gov/alerts/ics-alert-17-216-01-0

Trust: 0.3

sources: CNVD: CNVD-2018-11443 // BID: 100144

CREDITS

Ariele Caltabiano (kimiya)

Trust: 0.3

sources: BID: 100144

SOURCES

db: IVD, id: e2f37e30-39ab-11e9-bf2d-000c29342cb1
db: CNVD, id: CNVD-2018-11443
db: BID, id: 100144

LAST UPDATE DATE

2022-05-17T01:46:23.419000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-11443, date: 2018-06-13T00:00:00
db: BID, id: 100144, date: 2017-08-04T00:00:00

SOURCES RELEASE DATE

db: IVD, id: e2f37e30-39ab-11e9-bf2d-000c29342cb1, date: 2018-06-13T00:00:00
db: CNVD, id: CNVD-2018-11443, date: 2018-06-13T00:00:00
db: BID, id: 100144, date: 2017-08-04T00:00:00