Main Vulnerability Database Vulnerabilities #VU13119

#VU13119 Out-of-bounds read in Delta Industrial Automation DOPSoft - CVE-2018-10623

Published: May 30, 2018 / Updated: June 1, 2018

Vulnerability identifier: #VU13119

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10623

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Delta Industrial Automation DOPSoft

Software vendor:
Delta Electronics, Inc.

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the application performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. A remote unauthenticated attacker can bypass security restriction and cause improper restriction of operations within the bounds of the memory buffer, alter the intended control flow, read sensitive information, or cause the application to crash.

Remediation

Install update from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

#VU13119 Out-of-bounds read in Delta Industrial Automation DOPSoft - CVE-2018-10623

Description

Remediation

External links

Please verify you're human