Out-of-bounds read in Delta Industrial Automation DOPSoft - CVE-2018-10623

 


Published: May 30, 2018 / Updated: June 1, 2018


Vulnerability identifier: #VU13119
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-10623
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Delta Electronics, Inc.
Affected software:
Delta Industrial Automation DOPSoft

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists because the application performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. A remote unauthenticated attacker can bypass security restrictions and cause improper restriction of operations within the bounds of the memory buffer, alter the intended control flow, read sensitive information, or cause the application to crash.
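
The defect class described above, a read position taken from file contents, is prevented by validating the file-supplied offset and length against the buffer before the read. The following C code is an added example, not DOPSoft code: the 8-byte header layout, `read_record` and the sample images are hypothetical and do not reflect the real .dpa format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout (NOT the real .dpa format): the file image starts
 * with a 4-byte little-endian offset and a 4-byte little-endian length
 * that say where a record lives inside the same image. */
#define HDR_SIZE 8u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copies the record named by the header into out and stores its length
 * in *out_len. Returns 0 on success, -1 if the file-supplied position
 * or length would take the read outside the image or the output buffer. */
int read_record(const uint8_t *img, size_t img_len,
                uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (img == NULL || out == NULL || out_len == NULL || img_len < HDR_SIZE)
        return -1;                     /* header itself is truncated */

    size_t off = rd_le32(img);         /* untrusted: comes from the file */
    size_t len = rd_le32(img + 4);     /* untrusted: comes from the file */

    /* Compare by subtraction so that off + len can never wrap around. */
    if (off < HDR_SIZE || off > img_len || len > img_len - off)
        return -1;
    if (len > out_cap)
        return -1;

    memcpy(out, img + off, len);
    *out_len = len;
    return 0;
}

/* Constructed sample images: one valid, two with hostile header values. */
static const uint8_t GOOD_IMG[] = { 8,0,0,0, 4,0,0,0, 'D','A','T','A' };
static const uint8_t BAD_OFF[]  = { 0x00,0x10,0,0, 4,0,0,0, 'D','A','T','A' };
static const uint8_t BAD_LEN[]  = { 8,0,0,0, 0xFF,0xFF,0xFF,0xFF, 'D','A','T','A' };
```
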


How to mitigate CVE-2018-10623

Install the update from the vendor's website.
