CVE-2018-10594

CVE-2018-10594

Vendor Ics-Cert
Product Delta Industrial Automation COMMGR and accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1)
Weakness CWE-121
Published June 26, 2018
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.

Key dates

02Disclosure timeline

June 26, 2018 CVE published
September 16, 2024 Record updated