← back
CVE-2018-10594

CVE-2018-10594

EPSS 69.0%CWE-121
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
Affected products
ICS-CERT · Delta Industrial Automation COMMGR and accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1)
public PoCs found4
cve_referencewww.exploit-db.com/exploits/44965/unverifiedcve_referencewww.exploit-db.com/exploits/45574/unverifiedexploitdbwww.exploit-db.com/exploits/44965unverifiedexploitdbwww.exploit-db.com/exploits/45574unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01https://www.exploit-db.com/exploits/44965/https://www.exploit-db.com/exploits/45574/http://www.securityfocus.com/bid/104529