CVE-2018-10623

Published: Jun 18, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.

Affected (1)

Products: Deltaww: Delta Industrial Automation Dopsoft

1 product

Delta Industrial Automation Dopsoft

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Deltaww Delta Industrial Automation Dopsoft	Up to 4.00.04

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

http://www.securityfocus.com/bid/104375

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/104375

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.