CVE-2018-14800

7.8HIGH

Key Information:

Vendor: Delta Electronics
Status: Ispsoft
Vendor: CVE Published:; 3 October 2018

Summary

Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application.

Affected Version(s)

ISPSoft Version 3.0.5 and prior

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01

x_refsource_MISC

http://www.securityfocus.com/bid/105485

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2018
Vulnerability Reserved
Aug 1, 2018