PT-2018-16982 · Delta Electronics · Dopsoft

Ghirmay Desta

Publicado

2018-03-02

Atualizado

2020-09-18

CVE-2018-5476

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Delta Electronics Delta Industrial Automation DOPSoft version 4.00.01 or prior

Description A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft. This issue is caused by processing specially crafted .dop or .dpb files, which may allow an attacker to remotely execute arbitrary code.

Recommendations For Delta Electronics Delta Industrial Automation DOPSoft version 4.00.01 or prior, update to a version later than 4.00.01 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted .dop or .dpb files until a patch is available. Restrict access to the DOPSoft application to minimize the risk of exploitation.

Correção

Stack Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-787

Identificadores relacionados

CVE-2018-5476

ZDI-18-220

ZDI-18-221

ZDI-18-222

ZDI-18-223

ZDI-18-224

ZDI-18-225

ZDI-18-226

ZDI-18-227

ZDI-18-228

ZDI-18-229

ZDI-18-230

ZDI-18-231

ZDI-18-232

ZDI-18-233

ZDI-18-234

ZDI-18-235

Produtos afetados

Dopsoft

PT-2018-16982 · Delta Electronics · Dopsoft

CVE-2018-5476

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 20