Main Vulnerability Database SB2017021307

SB2017021307 - Buffer overflow in ISPSoft

Published: February 13, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017021307

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2016-5805)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service.

Remediation

Install update from vendor's website.

References

http://www.securityfocus.com/bid/94887
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03