Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10623

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.

Published

2018-06-18T19:29:00.293

Last Modified

2024-11-21T03:41:41.207

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-125
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	deltaww	delta_industrial_automation_dopsoft	≤ 4.00.04	Yes

References

http://www.securityfocus.com/bid/104375 Third Party Advisory, VDB Entry ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01 Third Party Advisory, US Government Resource ([email protected])
http://www.securityfocus.com/bid/104375 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)