Use-After-Free Vulnerability in Delta Industrial Automation Screen Editor by Delta Electronics
CVE-2017-16749

7.8HIGH

Key Information:

Vendor: Deltaww
Status: Delta Electronics Delta Industrial Automation Screen Editor
Vendor: CVE Published:; 15 March 2018

What is CVE-2017-16749?

A Use-after-Free vulnerability has been identified in Delta Electronics’ Delta Industrial Automation Screen Editor, specifically in versions up to 2.00.23.00. This flaw can be exploited using specially crafted .dpb files, potentially allowing an attacker to execute arbitrary code or crash the application, thereby compromising the integrity and security of the system. Users of the affected product are strongly advised to upgrade to the latest version to mitigate associated risks.

Affected Version(s)

Delta Electronics Delta Industrial Automation Screen Editor Delta Electronics Delta Industrial Automation Screen Editor

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01

x_refsource_MISC

http://www.securityfocus.com/bid/102426

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2018
Vulnerability Reserved
Nov 9, 2017

CVE-2017-16749 Data

JSON

Deltaww

What is CVE-2017-16749?

Affected Version(s)

References

CVSS V3.1

Timeline