Vulnerability CVE-2018-10623


Published: 2018-06-18

Description:
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.

Type:

CWE-125

(Out-of-bounds Read)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Deltaww -> Delta industrial automation dopsoft 

 References:
http://www.securityfocus.com/bid/104375
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

Copyright 2021, cxsecurity.com

 

Back to Top