Stack-Based Buffer Overflow in Eaton ELCSoft Software
CVE-2016-4512

7.3HIGH

Key Information:

Vendor

Eaton

Status
Elcsoft
Vendor
CVE Published:
3 July 2016

What is CVE-2016-4512?

A stack-based buffer overflow vulnerability exists in the ELCSimulator component of Eaton's ELCSoft software. This flaw allows remote attackers to exploit the software by sending specially crafted packets, which can lead to the execution of arbitrary code on the target system. Users of ELCSoft 2.4.01 and earlier versions are particularly at risk, as the vulnerability can be triggered remotely without any prior authentication.

References

http://www.zerodayinitiative.com/advisories/ZDI-16-407
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-16-182-01
x_refsource_MISC
http://www.securityfocus.com/bid/91524
vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.