PT-2018-6323 · Delta Electronics · Delta Industrial Automation Screen Editor

Publicado

2018-03-15

Atualizado

2019-10-09

CVE-2017-16745

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Delta Electronics Delta Industrial Automation Screen Editor versions 2.00.23.00 and prior

Description: A Type Confusion issue may allow an attacker to execute remote code when processing specially crafted .dpb files. This occurs due to an access of resource using incompatible type, which can be exploited by an attacker.

Recommendations: For versions 2.00.23.00 and prior, update to a version later than 2.00.23.00 to resolve the issue. As a temporary workaround, consider restricting access to .dpb files to minimize the risk of exploitation. Avoid processing specially crafted .dpb files until the issue is resolved.

Correção

Type Confusion

Incorrect Type Conversion or Cast

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-843CWE-704

Identificadores relacionados

CVE-2017-16745

Produtos afetados

Delta Industrial Automation Screen Editor

PT-2018-6323 · Delta Electronics · Delta Industrial Automation Screen Editor

CVE-2017-16745

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4