SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-381358214] Delta Electronics Delta Industrial Automation DOPSoft

Date: 2018-03-01
Type: Other
Platform: Delta Electronics
Author: Ghirmay Desta working with Trend Micro’s Zero Day Initiative (ZDI) reported this vulnerability to NCCIC.
EDB-ID: N/A
CVE-ID: CVE-2018-5476
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Delta Electronics Delta Industrial Automation DOPSoft
#


### VULNERABLE VENDOR
Delta Electronics


### VULNERABLE PRODUCT
Delta Industrial Automation DOPSoft 


### RESEARCHER
Ghirmay Desta working with Trend Micro’s Zero Day Initiative (ZDI) reported this vulnerability to NCCIC.


### AFFECTED PRODUCTS
The following version of Delta Industrial Automation DOPSoft, a human machine interface (HMI), is affected:

Delta Industrial Automation DOPSoft, Version 4.00.01 or prior


### IMPACT
Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash; a buffer overflow condition may allow remote code execution.


### VULNERABILITY OVERVIEW
STACK-BASED BUFFER OVERFLOW CWE-121
Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code.
CVE-2018-5476 has been assigned to this vulnerability.
A CVSS v3 base score of 6.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).





### BACKGROUND
Critical Infrastructure Sectors: Commercial Facilities, Communications, Critical Manufacturing, Energy, Healthcare and Public Health
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan




### MITIGATION

Delta Electronics recommends affected users update to the latest version of DOPSoft Version 4.00.04, which is available for download at:

http://www.deltaww.com/Products/PluginWebUserControl/downloadCenterCounter.aspx?DID=9063&DocPath=1&hl=en-US

Delta Electronics also recommends users restrict the interaction with the application to trusted files.