CVE-2018-17927

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/105682", "name": "105682", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-787"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-17927", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2018-10-11T22:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:deltaww:tpeditor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.90"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T23:37Z"}