CVE-2018-10617

9.8CRITICAL

Key Information:

Vendor: Delta Electronics
Status: Delta Industrial Automation Dopsoft
Vendor: CVE Published:; 18 June 2018

Summary

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash.

Affected Version(s)

Delta Industrial Automation DOPSoft Version 4.00.04 and prior.

References

http://www.securityfocus.com/bid/104375

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 18, 2018
Vulnerability Reserved
May 1, 2018