Buffer Overflow Vulnerability in Delta Industrial Automation DOPSoft Software
CVE-2018-10623

9.8CRITICAL

Key Information:

Vendor: Delta Electronics
Status: Delta Industrial Automation Dopsoft
Vendor: CVE Published:; 18 June 2018

Summary

Delta Electronics' DOPSoft software, specifically version 4.00.04 and earlier, has a critical vulnerability that permits read operations based on values extracted from .dpa files. This flaw can allow attackers to manipulate the memory buffer, leading to potential remote code execution, unauthorized access to sensitive data, alteration of application control flow, or even application crashes, posing significant security risks to users.

Affected Version(s)

Delta Industrial Automation DOPSoft Version 4.00.04 and prior.

References

http://www.securityfocus.com/bid/104375

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 18, 2018
Vulnerability Reserved
May 1, 2018