PT-2018-16982 · Delta Electronics · Dopsoft

Ghirmay Desta

Published

2018-03-02

Updated

2020-09-18

CVE-2018-5476

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Delta Electronics Delta Industrial Automation DOPSoft version 4.00.01 or prior

Description A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft. This issue is caused by processing specially crafted .dop or .dpb files, which may allow an attacker to remotely execute arbitrary code.

Recommendations For Delta Electronics Delta Industrial Automation DOPSoft version 4.00.01 or prior, update to a version later than 4.00.01 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted .dop or .dpb files until a patch is available. Restrict access to the DOPSoft application to minimize the risk of exploitation.

Fix

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

CVE-2018-5476

ZDI-18-220

ZDI-18-221

ZDI-18-222

ZDI-18-223

ZDI-18-224

ZDI-18-225

ZDI-18-226

ZDI-18-227

ZDI-18-228

ZDI-18-229

ZDI-18-230

ZDI-18-231

ZDI-18-232

ZDI-18-233

ZDI-18-234

ZDI-18-235

Affected Products

Dopsoft

PT-2018-16982 · Delta Electronics · Dopsoft

CVE-2018-5476

Weakness Enumeration

Related Identifiers

Affected Products

References · 20