Vulnerability Details : CVE-2018-17927
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution.
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2018-17927
- cpe:2.3:a:deltaww:tpeditor:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-17927
2.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-17927
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-17927
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2018-17927
-
http://www.securityfocus.com/bid/105682
Delta Industrial Automation TPEditor Remote Code Execution and Stack Buffer Overflow VulnerabilitiesThird Party Advisory;VDB Entry
-
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03
Delta Industrial Automation TPEditor | CISAThird Party Advisory;US Government Resource
Jump to