Heap-based Buffer Overflow in Eaton ELCSoft 2.4.01 and Earlier Versions
CVE-2016-4509

6MEDIUM

Key Information:

Vendor
Eaton
Status
Elcsoft
Vendor
CVE Published:
3 July 2016

Summary

A vulnerability exists in Eaton ELCSoft that is caused by a heap-based buffer overflow in elcsoft.exe. This issue allows remote authenticated users to potentially execute arbitrary code by sending specially crafted files to the application. If exploited, this vulnerability may compromise the integrity and security of the affected systems.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-182-01
x_refsource_MISC
http://www.zerodayinitiative.com/advisories/ZDI-16-408
x_refsource_MISC
http://www.securityfocus.com/bid/91524
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.