Sign-up

ID

VAR-201808-0176


CVE

CVE-2018-10636


TITLE

Delta Industrial Automation CNCSoft ScreenEditor DPB File wKPFString Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-1071 // ZDI: ZDI-18-983

DESCRIPTION

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft and ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. When parsing the wFont attribute of the UserVARComment element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Delta Electronics CNCSoft and ScreenEditor are products of Delta Electronics. Delta Electronics CNCSoft is a set of simulation software for CNC machine tools. ScreenEditor is a set of human-machine interface programming software. A stack buffer overflow vulnerability exists in Delta Electronics CNCSoft 1.00.83 and earlier and ScreenEditor 1.00.54. An attacker could use this vulnerability to cause software to crash. Multiple stack-based buffer-overflow vulnerabilities 2

Trust: 8.73

sources: NVD: CVE-2018-10636 // JVNDB: JVNDB-2018-009204 // ZDI: ZDI-18-1071 // ZDI: ZDI-18-984 // ZDI: ZDI-18-1070 // ZDI: ZDI-18-985 // ZDI: ZDI-18-986 // ZDI: ZDI-18-981 // ZDI: ZDI-18-982 // ZDI: ZDI-18-979 // ZDI: ZDI-18-980 // ZDI: ZDI-18-983 // CNVD: CNVD-2018-17874 // BID: 105032

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-17874

AFFECTED PRODUCTS

vendor:delta industrial automationmodel:cncsoftscope: - version: -

Trust: 7.0

vendor:deltawwmodel:screeneditorscope:eqversion:1.00.54

Trust: 1.6

vendor:deltawwmodel:cncsoftscope:lteversion:1.00.83

Trust: 1.0

vendor:deltamodel:cncsoftscope:lteversion:1.00.83

Trust: 0.8

vendor:deltamodel:screeneditorscope:eqversion:1.00.54

Trust: 0.8

vendor:deltamodel:electronics cncsoftscope:lteversion:<=1.00.83

Trust: 0.6

vendor:deltamodel:electronics screeneditorscope:eqversion:1.00.54

Trust: 0.6

vendor:deltawwmodel:cncsoftscope:eqversion:1.00.83

Trust: 0.6

vendor:deltamodel:electronics inc screeneditorscope:eqversion:1.0.54

Trust: 0.3

vendor:deltamodel:electronics inc cncsoftscope:eqversion:1.0.83

Trust: 0.3

sources: ZDI: ZDI-18-1071 // ZDI: ZDI-18-984 // ZDI: ZDI-18-1070 // ZDI: ZDI-18-985 // ZDI: ZDI-18-986 // ZDI: ZDI-18-981 // ZDI: ZDI-18-982 // ZDI: ZDI-18-979 // ZDI: ZDI-18-980 // ZDI: ZDI-18-983 // CNVD: CNVD-2018-17874 // BID: 105032 // JVNDB: JVNDB-2018-009204 // CNNVD: CNNVD-201808-308 // NVD: CVE-2018-10636

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-10636
value: HIGH

Trust: 7.0

nvd@nist.gov: CVE-2018-10636
value: HIGH

Trust: 1.0

NVD: CVE-2018-10636
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-17874
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201808-308
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-10636
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 8.8

CNVD: CNVD-2018-17874
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-10636
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-10636
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-18-1071 // ZDI: ZDI-18-984 // ZDI: ZDI-18-1070 // ZDI: ZDI-18-985 // ZDI: ZDI-18-986 // ZDI: ZDI-18-981 // ZDI: ZDI-18-982 // ZDI: ZDI-18-979 // ZDI: ZDI-18-980 // ZDI: ZDI-18-983 // CNVD: CNVD-2018-17874 // JVNDB: JVNDB-2018-009204 // CNNVD: CNNVD-201808-308 // NVD: CVE-2018-10636

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-009204 // NVD: CVE-2018-10636

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-308

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201808-308

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009204

PATCH
title:Delta Industrial Automation has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01
Trust: 7.0
title:Top Pageurl:https://www.deltaww.com/
Trust: 0.8
title:Patch for Delta Electronics CNCSoft and ScreenEditor stack buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/138735
Trust: 0.6
title:Delta Electronics CNCSoft and ScreenEditor Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83919
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-1071 // 
            
            
            
            ZDI: ZDI-18-984 // 
            
            
            
            ZDI: ZDI-18-1070 // 
            
            
            
            ZDI: ZDI-18-985 // 
            
            
            
            ZDI: ZDI-18-986 // 
            
            
            
            ZDI: ZDI-18-981 // 
            
            
            
            ZDI: ZDI-18-982 // 
            
            
            
            ZDI: ZDI-18-979 // 
            
            
            
            ZDI: ZDI-18-980 // 
            
            
            
            ZDI: ZDI-18-983 // 
            
            
            
            CNVD: CNVD-2018-17874 // 
            
            
            
            JVNDB: JVNDB-2018-009204 // 
            
            
            
            CNNVD: CNNVD-201808-308

EXTERNAL IDS
db:NVDid:CVE-2018-10636
Trust: 10.3
db:ICS CERTid:ICSA-18-219-01
Trust: 3.3
db:BIDid:105032
Trust: 1.9
db:JVNDBid:JVNDB-2018-009204
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6359
Trust: 0.7
db:ZDIid:ZDI-18-1071
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6273
Trust: 0.7
db:ZDIid:ZDI-18-984
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6358
Trust: 0.7
db:ZDIid:ZDI-18-1070
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6275
Trust: 0.7
db:ZDIid:ZDI-18-985
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6276
Trust: 0.7
db:ZDIid:ZDI-18-986
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6270
Trust: 0.7
db:ZDIid:ZDI-18-981
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6271
Trust: 0.7
db:ZDIid:ZDI-18-982
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6310
Trust: 0.7
db:ZDIid:ZDI-18-979
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6269
Trust: 0.7
db:ZDIid:ZDI-18-980
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6272
Trust: 0.7
db:ZDIid:ZDI-18-983
Trust: 0.7
db:CNVDid:CNVD-2018-17874
Trust: 0.6
db:CNNVDid:CNNVD-201808-308
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-1071 // 
            
            
            
            ZDI: ZDI-18-984 // 
            
            
            
            ZDI: ZDI-18-1070 // 
            
            
            
            ZDI: ZDI-18-985 // 
            
            
            
            ZDI: ZDI-18-986 // 
            
            
            
            ZDI: ZDI-18-981 // 
            
            
            
            ZDI: ZDI-18-982 // 
            
            
            
            ZDI: ZDI-18-979 // 
            
            
            
            ZDI: ZDI-18-980 // 
            
            
            
            ZDI: ZDI-18-983 // 
            
            
            
            CNVD: CNVD-2018-17874 // 
            
            
            
            BID: 105032 // 
            
            
            
            JVNDB: JVNDB-2018-009204 // 
            
            
            
            CNNVD: CNNVD-201808-308 // 
            
            
            
            NVD: CVE-2018-10636

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-219-01
Trust: 10.3
url:http://www.securityfocus.com/bid/105032
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10636
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10636
Trust: 0.8
url:http://www.deltaww.com/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-18-1071 // 
            
            
            
            ZDI: ZDI-18-984 // 
            
            
            
            ZDI: ZDI-18-1070 // 
            
            
            
            ZDI: ZDI-18-985 // 
            
            
            
            ZDI: ZDI-18-986 // 
            
            
            
            ZDI: ZDI-18-981 // 
            
            
            
            ZDI: ZDI-18-982 // 
            
            
            
            ZDI: ZDI-18-979 // 
            
            
            
            ZDI: ZDI-18-980 // 
            
            
            
            ZDI: ZDI-18-983 // 
            
            
            
            CNVD: CNVD-2018-17874 // 
            
            
            
            BID: 105032 // 
            
            
            
            JVNDB: JVNDB-2018-009204 // 
            
            
            
            CNNVD: CNNVD-201808-308 // 
            
            
            
            NVD: CVE-2018-10636

CREDITS
Natnael Samson(Natti)
Trust: 7.0
sources:
            
            
            ZDI: ZDI-18-1071 // 
            
            
            
            ZDI: ZDI-18-984 // 
            
            
            
            ZDI: ZDI-18-1070 // 
            
            
            
            ZDI: ZDI-18-985 // 
            
            
            
            ZDI: ZDI-18-986 // 
            
            
            
            ZDI: ZDI-18-981 // 
            
            
            
            ZDI: ZDI-18-982 // 
            
            
            
            ZDI: ZDI-18-979 // 
            
            
            
            ZDI: ZDI-18-980 // 
            
            
            
            ZDI: ZDI-18-983

SOURCES
db:ZDIid:ZDI-18-1071
db:ZDIid:ZDI-18-984
db:ZDIid:ZDI-18-1070
db:ZDIid:ZDI-18-985
db:ZDIid:ZDI-18-986
db:ZDIid:ZDI-18-981
db:ZDIid:ZDI-18-982
db:ZDIid:ZDI-18-979
db:ZDIid:ZDI-18-980
db:ZDIid:ZDI-18-983
db:CNVDid:CNVD-2018-17874
db:BIDid:105032
db:JVNDBid:JVNDB-2018-009204
db:CNNVDid:CNNVD-201808-308
db:NVDid:CVE-2018-10636

LAST UPDATE DATE
2024-11-23T22:00:20.887000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-1071date:2018-09-19T00:00:00
db:ZDIid:ZDI-18-984date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-1070date:2018-09-19T00:00:00
db:ZDIid:ZDI-18-985date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-986date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-981date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-982date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-979date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-980date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-983date:2018-09-05T00:00:00
db:CNVDid:CNVD-2018-17874date:2018-09-07T00:00:00
db:BIDid:105032date:2018-08-07T00:00:00
db:JVNDBid:JVNDB-2018-009204date:2018-11-12T00:00:00
db:CNNVDid:CNNVD-201808-308date:2020-09-02T00:00:00
db:NVDid:CVE-2018-10636date:2024-11-21T03:41:42.633

SOURCES RELEASE DATE
db:ZDIid:ZDI-18-1071date:2018-09-19T00:00:00
db:ZDIid:ZDI-18-984date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-1070date:2018-09-19T00:00:00
db:ZDIid:ZDI-18-985date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-986date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-981date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-982date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-979date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-980date:2018-09-05T00:00:00
db:ZDIid:ZDI-18-983date:2018-09-05T00:00:00
db:CNVDid:CNVD-2018-17874date:2018-09-07T00:00:00
db:BIDid:105032date:2018-08-07T00:00:00
db:JVNDBid:JVNDB-2018-009204date:2018-11-12T00:00:00
db:CNNVDid:CNNVD-201808-308date:2018-08-13T00:00:00
db:NVDid:CVE-2018-10636date:2018-08-13T21:47:59.167