CVE-2018-10594 — CRITICAL (9.8)

Q: How severe is CVE-2018-10594?

CVE-2018-10594 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-10594?

Check the references section above for vendor advisories and patch information. Affected products include: Deltaww Commgr, Deltaww Dvpsimulator Ahsim 5X0, Deltaww Dvpsimulator Ahsim 5X1, Deltaww Dvpsimulator Eh2, Deltaww Dvpsimulator Es2.

Vulnerability Description

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Deltaww	Commgr	<= 1.08
Deltaww	Dvpsimulator Ahsim 5X0	-
Deltaww	Dvpsimulator Ahsim 5X1	-
Deltaww	Dvpsimulator Eh2	-
Deltaww	Dvpsimulator Es2	-
Deltaww	Dvpsimulator H3	-
Deltaww	Dvpsimulator Se	-
Deltaww	Dvpsimulator Ss2	-

Related Weaknesses (CWE)

CWE-121 CWE-119

References

http://www.securityfocus.com/bid/104529Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01Third Party AdvisoryUS Government Resource
https://www.exploit-db.com/exploits/44965/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/45574/ExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/104529Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01Third Party AdvisoryUS Government Resource
https://www.exploit-db.com/exploits/44965/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/45574/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-10594?

CVE-2018-10594 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length...

How severe is CVE-2018-10594?

CVE-2018-10594 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-10594?

Check the references section above for vendor advisories and patch information. Affected products include: Deltaww Commgr, Deltaww Dvpsimulator Ahsim 5X0, Deltaww Dvpsimulator Ahsim 5X1, Deltaww Dvpsimulator Eh2, Deltaww Dvpsimulator Es2.