CVE-2018-10594
CRITICALDelta Industrial Automation COMMGR <1.08 - Buffer Overflow
Title source: llmDescription
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/45574
metasploit
WORKING POC
NORMAL
by ZDI, t4rkd3vilz, hubertwslin · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/delta_ia_commgr_bof.rb
References (4)
Scores
CVSS v3
9.8
EPSS
0.7824
EPSS Percentile
99.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-121
Status
published
Products (1)
deltaww/commgr
< 1.08
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026