Details of VAR-201810-0465

ID

VAR-201810-0465

CVE

CVE-2018-17927

TITLE

Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-1245 // ZDI: ZDI-18-1237

DESCRIPTION

In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution. Delta Industrial Automation TPEditor Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of TPE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Industrial Automation TPEditor is a Windows-based Delta text panel programming software from Delta Electronics. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 5.13

sources: NVD: CVE-2018-17927 // JVNDB: JVNDB-2018-013717 // ZDI: ZDI-18-1245 // ZDI: ZDI-18-1239 // ZDI: ZDI-18-1235 // ZDI: ZDI-18-1237 // CNVD: CNVD-2019-09296 // BID: 105682 // IVD: 331701e1-f655-4a4a-9ee6-c3fc03f43f8b

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 331701e1-f655-4a4a-9ee6-c3fc03f43f8b // CNVD: CNVD-2019-09296

AFFECTED PRODUCTS

vendor:	delta industrial automation	model:	tpeditor	scope:	-	version:	-	Trust: 2.8
vendor:	deltaww	model:	tpeditor	scope:	lte	version:	1.90	Trust: 1.0
vendor:	delta	model:	tpeditor	scope:	lte	version:	1.90	Trust: 0.8
vendor:	delta	model:	electronics tpeditor	scope:	lte	version:	<=1.90	Trust: 0.6
vendor:	delta	model:	electronics delta industrial automation tpeditor	scope:	lte	version:	<=1.90	Trust: 0.6
vendor:	delta	model:	electronics inc delta industrial automation tpeditor	scope:	eq	version:	1.90	Trust: 0.3
vendor:	delta	model:	electronics inc delta industrial automation tpeditor	scope:	eq	version:	1.89	Trust: 0.3
vendor:	delta	model:	electronics inc delta industrial automation tpeditor	scope:	ne	version:	1.91	Trust: 0.3
vendor:	tpeditor	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 331701e1-f655-4a4a-9ee6-c3fc03f43f8b // ZDI: ZDI-18-1245 // ZDI: ZDI-18-1239 // ZDI: ZDI-18-1235 // ZDI: ZDI-18-1237 // CNVD: CNVD-2019-09296 // BID: 105682 // JVNDB: JVNDB-2018-013717 // NVD: CVE-2018-17927

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-17927
value:	MEDIUM
Trust: 2.1
nvd@nist.gov:	CVE-2018-17927
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-17927
value:	HIGH
Trust: 0.8
ZDI:	CVE-2018-17927
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2019-09296
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201810-556
value:	HIGH
Trust: 0.6
IVD:	331701e1-f655-4a4a-9ee6-c3fc03f43f8b
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2018-17927
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 3.9
CNVD:	CNVD-2019-09296
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	331701e1-f655-4a4a-9ee6-c3fc03f43f8b
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-17927
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
ZDI:	CVE-2018-17927
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: IVD: 331701e1-f655-4a4a-9ee6-c3fc03f43f8b // ZDI: ZDI-18-1245 // ZDI: ZDI-18-1239 // ZDI: ZDI-18-1235 // ZDI: ZDI-18-1237 // CNVD: CNVD-2019-09296 // JVNDB: JVNDB-2018-013717 // CNNVD: CNNVD-201810-556 // NVD: CVE-2018-17927

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2018-013717 // NVD: CVE-2018-17927

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-556

TYPE

Buffer error

Trust: 0.8

sources: IVD: 331701e1-f655-4a4a-9ee6-c3fc03f43f8b // CNNVD: CNNVD-201810-556

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013717

PATCH

title:	Delta Industrial Automation has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03	Trust: 2.8
title:	Top Page	url:	http://www.deltaww.com/	Trust: 0.8
title:	Delta Industrial Automation TPEditor patch for out-of-bounds write vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/158285	Trust: 0.6
title:	Delta Industrial Automation TPEditor Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85681	Trust: 0.6

sources: ZDI: ZDI-18-1245 // ZDI: ZDI-18-1239 // ZDI: ZDI-18-1235 // ZDI: ZDI-18-1237 // CNVD: CNVD-2019-09296 // JVNDB: JVNDB-2018-013717 // CNNVD: CNNVD-201810-556

EXTERNAL IDS

db:	NVD	id:	CVE-2018-17927	Trust: 6.3
db:	ICS CERT	id:	ICSA-18-284-03	Trust: 3.3
db:	BID	id:	105682	Trust: 1.9
db:	CNVD	id:	CNVD-2019-09296	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-556	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-013717	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6461	Trust: 0.7
db:	ZDI	id:	ZDI-18-1245	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6443	Trust: 0.7
db:	ZDI	id:	ZDI-18-1239	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6246	Trust: 0.7
db:	ZDI	id:	ZDI-18-1235	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6449	Trust: 0.7
db:	ZDI	id:	ZDI-18-1237	Trust: 0.7
db:	IVD	id:	331701E1-F655-4A4A-9EE6-C3FC03F43F8B	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-284-03	Trust: 6.1
url:	http://www.securityfocus.com/bid/105682	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17927	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17927	Trust: 0.8
url:	http://www.deltaww.com/	Trust: 0.3

sources: ZDI: ZDI-18-1245 // ZDI: ZDI-18-1239 // ZDI: ZDI-18-1235 // ZDI: ZDI-18-1237 // CNVD: CNVD-2019-09296 // BID: 105682 // JVNDB: JVNDB-2018-013717 // CNNVD: CNNVD-201810-556 // NVD: CVE-2018-17927

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 1.4

sources: ZDI: ZDI-18-1245 // ZDI: ZDI-18-1239

SOURCES

db:	IVD	id:	331701e1-f655-4a4a-9ee6-c3fc03f43f8b
db:	ZDI	id:	ZDI-18-1245
db:	ZDI	id:	ZDI-18-1239
db:	ZDI	id:	ZDI-18-1235
db:	ZDI	id:	ZDI-18-1237
db:	CNVD	id:	CNVD-2019-09296
db:	BID	id:	105682
db:	JVNDB	id:	JVNDB-2018-013717
db:	CNNVD	id:	CNNVD-201810-556
db:	NVD	id:	CVE-2018-17927

LAST UPDATE DATE

2024-11-23T22:17:17.373000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1245	date:	2018-10-16T00:00:00
db:	ZDI	id:	ZDI-18-1239	date:	2018-10-15T00:00:00
db:	ZDI	id:	ZDI-18-1235	date:	2018-10-15T00:00:00
db:	ZDI	id:	ZDI-18-1237	date:	2018-10-15T00:00:00
db:	CNVD	id:	CNVD-2019-09296	date:	2019-04-07T00:00:00
db:	BID	id:	105682	date:	2018-10-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-013717	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201810-556	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-17927	date:	2024-11-21T03:55:13.520

SOURCES RELEASE DATE

db:	IVD	id:	331701e1-f655-4a4a-9ee6-c3fc03f43f8b	date:	2019-04-07T00:00:00
db:	ZDI	id:	ZDI-18-1245	date:	2018-10-16T00:00:00
db:	ZDI	id:	ZDI-18-1239	date:	2018-10-15T00:00:00
db:	ZDI	id:	ZDI-18-1235	date:	2018-10-15T00:00:00
db:	ZDI	id:	ZDI-18-1237	date:	2018-10-15T00:00:00
db:	CNVD	id:	CNVD-2019-09296	date:	2018-10-11T00:00:00
db:	BID	id:	105682	date:	2018-10-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-013717	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201810-556	date:	2018-10-12T00:00:00
db:	NVD	id:	CVE-2018-17927	date:	2018-10-11T22:29:00.317