#VU20351 Use-after-free


Published: 2019-08-21

Vulnerability identifier: #VU20351

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-13514

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Delta Industrial Automation DOPSoft
Client/Desktop applications / Other client software

Vendor: Delta Electronics, Inc.

Description

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing a specially crafted project file. A local attacker can send a specially crafted project file, trigger a use-after-free vulnerability, gain sensitive information on the target system, execute arbitrary code, or crash the application.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Delta Industrial Automation DOPSoft: 4.00.06.15


CPE

External links
http://www.us-cert.gov/ics/advisories/icsa-19-225-01
http://www.zerodayinitiative.com/advisories/ZDI-19-717/


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability