CVE-2018-17930

9.8 CRITICAL

📋 TL;DR

A stack-based buffer overflow vulnerability in Teledyne DALSA Sherlock vision software allows remote attackers to execute arbitrary code on affected systems. This affects Sherlock versions 7.2.7.4 and earlier, potentially compromising industrial control systems and manufacturing environments.

💻 Affected Systems

Products:
  • Teledyne DALSA Sherlock
Versions: Version 7.2.7.4 and prior
Operating Systems: Windows (typically used with industrial systems)
Default Config Vulnerable: ⚠️ Yes
Notes: Used in industrial vision inspection systems, often in manufacturing environments with critical processes.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote unauthenticated attacker gains full system control, installs malware, disrupts industrial processes, and pivots to other network systems.

🟠 Likely Case

Remote code execution leading to system compromise, data theft, and disruption of vision inspection systems in manufacturing environments.

🟢 If Mitigated

Limited impact if system is isolated, patched, or protected by network segmentation and application whitelisting.

🌐 Internet-Facing: HIGH - CVSS 9.8 indicates critical remote exploitability without authentication.
🏢 Internal Only: HIGH - Even internally, this allows lateral movement and system compromise within networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow vulnerabilities typically have low exploitation complexity once details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 7.2.7.5 or later

Vendor Advisory: https://www.teledynedalsa.com/en/products/imaging/vision-software/sherlock/

Restart Required: Yes

Instructions:

1. Download latest Sherlock version from Teledyne DALSA.
2. Backup current configuration.
3. Install update following vendor instructions.
4. Restart system.
5. Verify version is 7.2.7.5 or higher.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate Sherlock systems from untrusted networks and internet access

Application Whitelisting (Windows)

Implement application control to prevent unauthorized code execution

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to Sherlock systems
  • Deploy intrusion detection/prevention systems to monitor for exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check Sherlock version in application interface or installation directory

Check Version:

Check Help > About in Sherlock application or review installation properties

Verify Fix Applied:

Confirm version is 7.2.7.5 or higher in application interface
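
One way to script the version check above on a Windows host, as an added example that is not from the vendor or the original page. It assumes the Sherlock installer registers an uninstall entry whose DisplayName contains "Sherlock"; the function name is hypothetical, and 7.2.7.5 is the fixed version stated above.

```powershell
# Added example: flag Sherlock installs older than the fixed release named on this page.
# Assumption: the installer writes an uninstall entry with "Sherlock" in DisplayName.
$FixedVersion  = [version]'7.2.7.5'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SherlockPatchStatus {
    param([string]$NamePattern = '*Sherlock*')

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        ForEach-Object {
            $parsed = $null
            # Compare as [version], not as text: "7.2.10.0" sorts below "7.2.7.5" as a string.
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)

            # A missing or unparseable DisplayVersion is reported, not silently treated as patched.
            $status = if (-not $ok) { 'UNKNOWN' } elseif ($parsed -lt $FixedVersion) { 'VULNERABLE' } else { 'PATCHED' }

            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Product  = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = $status
            }
        }
}

Get-SherlockPatchStatus | Format-Table -AutoSize
```

No output means no matching uninstall entry was found; in that case, or when the status is UNKNOWN, fall back to Help > About in the application.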

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Sherlock executable
  • Memory access violations
  • Network connections to unexpected destinations

Network Indicators:

  • Unusual traffic patterns to/from Sherlock systems
  • Exploit attempt signatures in network traffic

SIEM Query:

source="sherlock*" AND (event_type="process_creation" OR event_type="access_violation")
