| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download | App | SIS Signature |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2018-03-01 | Other | Delta Electronics | Ghirmay Desta working with Trend Micro’s Zero Day Initiative (ZDI) reported this vulnerability to NCCIC. | N/A | CVE-2018-5476 | N/A |  | N/A | N/A |
Source
#
# Delta Electronics Delta Industrial Automation DOPSoft
#
### VULNERABLE VENDOR
Delta Electronics
### VULNERABLE PRODUCT
Delta Industrial Automation DOPSoft
### RESEARCHER
Ghirmay Desta working with Trend Micro’s Zero Day Initiative (ZDI) reported this vulnerability to NCCIC.
### AFFECTED PRODUCTS
The following version of Delta Industrial Automation DOPSoft, a human machine interface (HMI), is affected:
Delta Industrial Automation DOPSoft, Version 4.00.01 or prior
### IMPACT
Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash; a buffer overflow condition may allow remote code execution.
### VULNERABILITY OVERVIEW
STACK-BASED BUFFER OVERFLOW CWE-121
Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code.
CVE-2018-5476 has been assigned to this vulnerability.
A CVSS v3 base score of 6.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).
### BACKGROUND
Critical Infrastructure Sectors: Commercial Facilities, Communications, Critical Manufacturing, Energy, Healthcare and Public Health
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan
### MITIGATION
Delta Electronics recommends affected users update to the latest version of DOPSoft Version 4.00.04, which is available for download at:
http://www.deltaww.com/Products/PluginWebUserControl/downloadCenterCounter.aspx?DID=9063&DocPath=1&hl=en-US
Delta Electronics also recommends users restrict the interaction with the application to trusted files.