PT-2018-6323 · Delta Electronics · Delta Industrial Automation Screen Editor

Published

2018-03-15

Updated

2019-10-09

CVE-2017-16745

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Delta Electronics Delta Industrial Automation Screen Editor versions 2.00.23.00 and prior

Description: A Type Confusion issue may allow an attacker to execute remote code when processing specially crafted .dpb files. This occurs due to an access of resource using incompatible type, which can be exploited by an attacker.

Recommendations: For versions 2.00.23.00 and prior, update to a version later than 2.00.23.00 to resolve the issue. As a temporary workaround, consider restricting access to .dpb files to minimize the risk of exploitation. Avoid processing specially crafted .dpb files until the issue is resolved.

Fix

Type Confusion

Incorrect Type Conversion or Cast

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-704

Related Identifiers

CVE-2017-16745

Affected Products

Delta Industrial Automation Screen Editor

PT-2018-6323 · Delta Electronics · Delta Industrial Automation Screen Editor

CVE-2017-16745

Weakness Enumeration

Related Identifiers

Affected Products

References · 4