{"api_version":"1","generated_at":"2026-04-26T18:39:43+00:00","cve":"CVE-2017-16745","urls":{"html":"https://cve.report/CVE-2017-16745","api":"https://cve.report/api/cve/CVE-2017-16745.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-16745","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-16745"},"summary":{"title":"CVE-2017-16745","description":"A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-03-15 23:29:00","updated_at":"2019-10-09 23:25:00"},"problem_types":["CWE-704"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/102426","name":"102426","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Delta Electronics Delta Industrial Automation Screen Editor | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-16745","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16745","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"16745","vulnerable":"1","versionEndIncluding":"2.00.23.00","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"deltaww","cpe5":"delta_industrial_automation_screen_editor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2017-16745","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Delta Electronics Delta Industrial Automation Screen Editor","version":{"version_data":[{"version_value":"Delta Electronics Delta Industrial Automation Screen Editor"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-843"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01"},{"name":"102426","refsource":"BID","url":"http://www.securityfocus.com/bid/102426"}]}},"nvd":{"publishedDate":"2018-03-15 23:29:00","lastModifiedDate":"2019-10-09 23:25:00","problem_types":["CWE-704"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:deltaww:delta_industrial_automation_screen_editor:*:*:*:*:*:*:*:*","versionEndIncluding":"2.00.23.00","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"16745","Ordinal":"114491","Title":"CVE-2017-16745","CVE":"CVE-2017-16745","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"16745","Ordinal":"1","NoteData":"A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"16745","Ordinal":"2","NoteData":"2018-03-15","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"16745","Ordinal":"3","NoteData":"2018-03-16","Type":"Other","Title":"Modified"}]}}}