Heap Buffer Overflow in Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10617

9.8CRITICAL

Key Information:

Vendor: Delta Electronics
Status: Delta Industrial Automation Dopsoft
Vendor: CVE Published:; 18 June 2018

Summary

Delta Electronics Delta Industrial Automation DOPSoft versions up to 4.00.04 are susceptible to a heap buffer overflow vulnerability. This flaw occurs due to the software's use of a fixed-length heap buffer, which can be tricked into reading values larger than its allocated size from .dpa files. As a result, this may lead to buffer overwriting, potentially allowing attackers to execute arbitrary code remotely or cause the application to crash entirely.

Affected Version(s)

Delta Industrial Automation DOPSoft Version 4.00.04 and prior.

References

http://www.securityfocus.com/bid/104375

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 18, 2018
Vulnerability Reserved
May 1, 2018