CVE-2018-10621

Name of the Vulnerable Software and Affected Versions Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior

Description The issue is related to a stack-based buffer overflow that occurs when parsing .dpa files. This happens because the software uses a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash.

Recommendations For Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior, as a temporary workaround, consider restricting the use of .dpa files until a patch is available. Avoid using the vulnerable DOPSoft version to parse .dpa files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.