CVE-2018-14807
Published 2018-10-18
CVE-2018-14807: A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution.
Priority: P258, critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.13% (86.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opto22 | pac_control | <= r10.0a | — |
| opto_22 | pac_control_basic_and_pac_control_professional | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability is a stack-based buffer overflow (CWE-121) in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior; monitor for anomalous remote connections or crashes targeting these products
- Successful exploitation may cause a device crash followed by potential remote code execution; unexpected process crashes on PAC Control systems should be investigated as possible exploitation attempts
- No known public exploits specifically target this vulnerability at time of advisory publication
- Vulnerability is rated exploitable remotely with low skill level required; CVSS v3 base score 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Note that the attack vector is listed as Local (AV:L) despite being described as remotely exploitable, which may affect detection scoping
CVSS provenance
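| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |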
GHSA
GHSA-jxch-7prc-x795: A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10
ghsa_unreviewed·2022-05-13
CVE-2018-14807 [CRITICAL] CWE-787 GHSA-jxch-7prc-x795: A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10
A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution.
CISA ICS
Opto 22 PAC Control Basic and PAC Control Professional
cisa_ics·2018-10-18·CVSS 9.8
[CRITICAL] Opto 22 PAC Control Basic and PAC Control Professional
ICS Advisory
## Opto 22 PAC Control Basic and PAC Control Professional
Last Revised: October 18, 2018
Alert Code: ICSA-18-247-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.4
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Opto 22
- Equipment: PAC Control Basic and PAC Control Professional
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could crash the device being accessed, and a buffer overflow condition may then allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versi
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-10-18