CVE-2018-8847
published 2018-07-13CVE-2018-8847: Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
6.84%
93.2th percentile
Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eaton | 9000x_firmware | <= 2.0.29 | — |
| ics-cert | eaton_9000x_drive | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is remotely exploitable (network vector) with no authentication required and no user interaction, targeting Eaton 9000X Drive versions 2.0.29 and prior via a stack-based buffer overflow (CWE-121) ↗
- →No known public exploits exist at time of advisory publication; exploitation requires high skill level, suggesting targeted/manual exploitation attempts rather than commodity scanning ↗
- →Monitor network traffic to Eaton 9000X Drive devices for anomalous or oversized input that could trigger a stack-based buffer overflow; device is deployed in Energy sector critical infrastructure worldwide ↗
- ·CVSS v3 base score is 5.6 (Medium) despite remote code execution potential; the High attack complexity (AC:H) reflects that exploitation is non-trivial and requires significant attacker skill ↗
- ·Only Eaton 9000X Drive versions 2.0.29 and prior are affected; patched firmware is available from Eaton's security bulletin ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v547-ggh4-4xpf: Eaton 9000X DriveA versions 2
ghsa_unreviewed·2022-05-13
CVE-2018-8847 [CRITICAL] CWE-787 GHSA-v547-ggh4-4xpf: Eaton 9000X DriveA versions 2
Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.
CISA ICS
Eaton 9000X Drive
cisa_ics·2018-07-12·CVSS 9.8
[CRITICAL] Eaton 9000X Drive
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Eaton 9000X Drive
Last RevisedJuly 12, 2018
Alert CodeICSA-18-193-01
## 1. EXECUTIVE SUMMARY
-
CVSS v3 5.6
- ATTENTION: Exploitable remotely
- Vendor: Eaton
- Equipment: 9000X Drive
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability may allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following version of Eaton 9000X Drive is affected:
- 9000X Drive, Versions 2.0.29 and prior.
## 3.2 VULNERABILITY OVERVIEW
## 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121
A stack-based buffer o
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton_9000X_Drive.pdfhttp://www.securityfocus.com/bid/104736https://ics-cert.us-cert.gov/advisories/ICSA-18-193-01http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton_9000X_Drive.pdfhttp://www.securityfocus.com/bid/104736https://ics-cert.us-cert.gov/advisories/ICSA-18-193-01
2018-07-13
Published