Risk | High |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2018-10623 CVE-2018-10617 CVE-2018-10621 |
CWE-ID | CWE-125 CWE-122 CWE-121 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Delta Industrial Automation DOPSoft Client/Desktop applications / Other client software |
Vendor | Delta Electronics, Inc. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU13119
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10623
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to the application performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. A remote unauthenticated attacker can bypass security restriction and cause improper restriction of operations within the bounds of the memory buffer, alter the intended control flow, read sensitive information, or cause the application to crash.
MitigationInstall update from vendor's website.
Vulnerable software versionsDelta Industrial Automation DOPSoft: All versions
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-151-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13120
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10617
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to the application utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer. A remote unauthenticated attacker can trigger heap-based buffer overflow and cause the service to crash or execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsDelta Industrial Automation DOPSoft: All versions
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-151-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13121
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10621
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to the application utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer. A remote unauthenticated attacker can trigger stack-based buffer overflow and cause the service to crash or execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsDelta Industrial Automation DOPSoft: All versions
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-151-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.