Eaton 9000X Drive Stack-Based Buffer Overflow (CVE-2018-8847)

critical Tenable OT Security Plugin ID 501191

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Eaton has released an update for 9000X Drive that is available via the following link:

http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton_9000X_Drive.pdf

See Also

http://www.nessus.org/u?f1ee8617

http://www.securityfocus.com/bid/104736

https://ics-cert.us-cert.gov/advisories/ICSA-18-193-01

Plugin Details

Severity: Critical

ID: 501191

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 6/20/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-8847

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:eaton:9000x_firmware

Required KB Items: Tenable.ot/Eaton

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/13/2018

Vulnerability Publication Date: 7/13/2018

Exploitable With

Core Impact

Reference Information

CVE: CVE-2018-8847

CWE: 787

ICSA: 18-193-01