Vulnerabilities > CVE-2019-10974 - Out-of-bounds Write vulnerability in Nrel Energyplus

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

nrel

CWE-787

NVD

Published: 2019-07-26

Updated: 2024-11-21

Summary

NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Nrel Nrel Energyplus - Nrel Energyplus 7.0.0.036 Nrel Energyplus 7.1.0.012 Nrel Energyplus 7.2.0.006 Nrel Energyplus 8.0.0.007 Nrel Energyplus 8.0.0.008 Nrel Energyplus 8.1.0.008 Nrel Energyplus 8.1.0.009 Nrel Energyplus 8.2.0 Nrel Energyplus 8.3.0 Nrel Energyplus 8.4.0 Nrel Energyplus 8.5.0 Nrel Energyplus 8.6.0	13

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.us-cert.gov/ics/advisories/icsa-19-204-02
https://www.us-cert.gov/ics/advisories/icsa-19-204-02