Sign-up

ID

VAR-201904-1316


CVE

CVE-2018-20818


TITLE

OpenPLC Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: cd2704ae-ad35-41ac-9a35-fde15c7b458b // CNVD: CNVD-2019-13413

DESCRIPTION

A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact. OpenPLC_v2 and OpenPLC_v3 Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OpenPLC is an open source programmable logic controller. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations

Trust: 2.52

sources: NVD: CVE-2018-20818 // JVNDB: JVNDB-2018-015290 // CNVD: CNVD-2019-13413 // IVD: cd2704ae-ad35-41ac-9a35-fde15c7b458b // VULHUB: VHN-131662 // VULMON: CVE-2018-20818

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: cd2704ae-ad35-41ac-9a35-fde15c7b458b // CNVD: CNVD-2019-13413

AFFECTED PRODUCTS

vendor:openplcmodel:v2scope: - version: -

Trust: 1.4

vendor:openplcmodel:v3scope: - version: -

Trust: 1.4

vendor:openplcprojectmodel:openplc v3scope:eqversion: -

Trust: 1.0

vendor:openplcprojectmodel:openplc v2scope:eqversion: -

Trust: 1.0

vendor:openplc v2model: - scope:eqversion: -

Trust: 0.2

vendor:openplc v3model: - scope:eqversion: -

Trust: 0.2

sources: IVD: cd2704ae-ad35-41ac-9a35-fde15c7b458b // CNVD: CNVD-2019-13413 // JVNDB: JVNDB-2018-015290 // NVD: CVE-2018-20818

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20818
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20818
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-13413
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201904-971
value: CRITICAL

Trust: 0.6

IVD: cd2704ae-ad35-41ac-9a35-fde15c7b458b
value: CRITICAL

Trust: 0.2

VULHUB: VHN-131662
value: HIGH

Trust: 0.1

VULMON: CVE-2018-20818
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-20818
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-13413
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: cd2704ae-ad35-41ac-9a35-fde15c7b458b
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-131662
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20818
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: cd2704ae-ad35-41ac-9a35-fde15c7b458b // CNVD: CNVD-2019-13413 // VULHUB: VHN-131662 // VULMON: CVE-2018-20818 // JVNDB: JVNDB-2018-015290 // CNNVD: CNNVD-201904-971 // NVD: CVE-2018-20818

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-131662 // JVNDB: JVNDB-2018-015290 // NVD: CVE-2018-20818

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-971

TYPE

Buffer error

Trust: 0.8

sources: IVD: cd2704ae-ad35-41ac-9a35-fde15c7b458b // CNNVD: CNNVD-201904-971

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015290

PATCH
title:Top Pageurl:https://www.openplcproject.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015290

EXTERNAL IDS
db:NVDid:CVE-2018-20818
Trust: 3.4
db:CNNVDid:CNNVD-201904-971
Trust: 0.9
db:CNVDid:CNVD-2019-13413
Trust: 0.8
db:JVNDBid:JVNDB-2018-015290
Trust: 0.8
db:IVDid:CD2704AE-AD35-41AC-9A35-FDE15C7B458B
Trust: 0.2
db:VULHUBid:VHN-131662
Trust: 0.1
db:VULMONid:CVE-2018-20818
Trust: 0.1
sources:
            
            
            IVD: cd2704ae-ad35-41ac-9a35-fde15c7b458b // 
            
            
            
            CNVD: CNVD-2019-13413 // 
            
            
            
            VULHUB: VHN-131662 // 
            
            
            
            VULMON: CVE-2018-20818 // 
            
            
            
            JVNDB: JVNDB-2018-015290 // 
            
            
            
            CNNVD: CNNVD-201904-971 // 
            
            
            
            NVD: CVE-2018-20818

REFERENCES
url:https://arxiv.org/pdf/1809.07477
Trust: 2.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20818
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2018-20818
Trust: 1.4
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-13413 // 
            
            
            
            VULHUB: VHN-131662 // 
            
            
            
            VULMON: CVE-2018-20818 // 
            
            
            
            JVNDB: JVNDB-2018-015290 // 
            
            
            
            CNNVD: CNNVD-201904-971 // 
            
            
            
            NVD: CVE-2018-20818

SOURCES
db:IVDid:cd2704ae-ad35-41ac-9a35-fde15c7b458b
db:CNVDid:CNVD-2019-13413
db:VULHUBid:VHN-131662
db:VULMONid:CVE-2018-20818
db:JVNDBid:JVNDB-2018-015290
db:CNNVDid:CNNVD-201904-971
db:NVDid:CVE-2018-20818

LAST UPDATE DATE
2024-11-23T21:59:58.933000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-13413date:2019-05-09T00:00:00
db:VULHUBid:VHN-131662date:2019-04-23T00:00:00
db:VULMONid:CVE-2018-20818date:2019-04-23T00:00:00
db:JVNDBid:JVNDB-2018-015290date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-971date:2019-04-24T00:00:00
db:NVDid:CVE-2018-20818date:2024-11-21T04:02:15.033

SOURCES RELEASE DATE
db:IVDid:cd2704ae-ad35-41ac-9a35-fde15c7b458bdate:2019-05-09T00:00:00
db:CNVDid:CNVD-2019-13413date:2019-05-09T00:00:00
db:VULHUBid:VHN-131662date:2019-04-22T00:00:00
db:VULMONid:CVE-2018-20818date:2019-04-22T00:00:00
db:JVNDBid:JVNDB-2018-015290date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-971date:2019-04-22T00:00:00
db:NVDid:CVE-2018-20818date:2019-04-22T11:29:01.970