CVE-2018-10594

CRITICAL

Delta Industrial Automation COMMGR <1.08 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-10594. PoCs were published by Metasploit, t4rkd3vilz, ZDI, and hubertwslin, including the Metasploit module exploits/windows/scada/delta_ia_commgr_bof.

AI-analyzed exploit summary: This Metasploit module exploits a stack-based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08 by sending a crafted packet to TCP port 502. It achieves remote code execution by overwriting the return address and executing shellcode.

Description

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/45574

This Metasploit module exploits a stack-based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08 by sending a crafted packet to TCP port 502. It achieves remote code execution by overwriting the return address and executing shellcode.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Delta Electronics Delta Industrial Automation COMMGR 1.08
No auth needed
Prerequisites: Network access to TCP port 502 on the target system
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by t4rkd3vilz · python · dos · hardware
https://www.exploit-db.com/exploits/44965

This exploit demonstrates a remote stack-based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR by sending a crafted payload to crash the server. It establishes multiple connections and sends a large buffer of 'A's followed by 'B's to trigger the vulnerability.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Delta Electronics Delta Industrial Automation COMMGR Version 1.08 and prior
No auth needed
Prerequisites: Network access to the target system · Target system running vulnerable version of COMMGR
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by ZDI, t4rkd3vilz, hubertwslin · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/delta_ia_commgr_bof.rb

This Metasploit module exploits a stack-based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08 by sending a crafted packet to TCP port 502. It achieves remote code execution by overwriting the return address and executing shellcode.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Delta Electronics Delta Industrial Automation COMMGR 1.08
No auth needed
Prerequisites: Network access to TCP port 502 · Target running Delta Electronics Delta Industrial Automation COMMGR 1.08
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104529
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44965/
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45574/

Scores

CVSS v3 9.8
EPSS 0.7824
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-119, CWE-121
Status: published
Products (1): deltaww/commgr < 1.08
Published: Jun 26, 2018
Tracked Since: Feb 18, 2026