CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-7511
https://notcve.org/view.php?id=CVE-2018-7511
20 Mar 2018 — In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. En las versiones 2.04.02 y anteriores de Eaton ELCSoft, hay múltiples casos en los que archivos especialmente manipulados podrían provocar un desbordamiento de búfer que, a su vez, podría permitir la ejecución remota de código arbitrario. • http://www.eaton.com/ecm/idcplg?IdcService=GET_FILE&allowInterrupt=1&RevisionSelectionMethod=LatestReleased&noSaveAs=0&Rendition=Primary&dDocName=PCT_3313148 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-4509 – Eaton ELCSoft Heap Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4509
03 Jul 2016 — Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. Desbordamiento de buffer basado en memoria dinámica en elcsoft.exe en Eaton ELCSoft 2.4.01 y versiones anteriores permite a usuarios remotos autenticados ejecutar código arbitrario a través de un archivo manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is req... • http://www.securityfocus.com/bid/91524 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 18%CPEs: 1EXPL: 0CVE-2016-4512 – Eaton ELCSoft ELCSimulator Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4512
03 Jul 2016 — Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. Desbordamiento de buffer basado en pila en ELCSimulator en Eaton ELCSoft 2.4.01 y versiones anteriores permite a atacantes remotos ejecutar código arbitrario a través de un paquete largo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. Authentication is not required to exploit this vulnerability... • http://www.securityfocus.com/bid/91524 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •