Delta Industrial Automation DOPSoft ICSA-18-151-01 Multiple Security Vulnerabilities

Bugtraq ID:	104375
Class:	Input Validation Error
CVE:	CVE-2018-10623 CVE-2018-10617 CVE-2018-10621
Remote:	Yes
Local:	No
Published:	May 31 2018 12:00AM
Updated:	May 31 2018 12:00AM
Credit:	B0nd @garagehackers
Vulnerable:	Delta Electronics INC DOPSoft 4.0.4 Delta Electronics INC DOPSoft 4.0.1 Delta Electronics INC DOPSoft 2.0.5 Delta Electronics INC DOPSoft 2.00.04.09
Not Vulnerable:	Delta Electronics INC DOPSoft 4.00.04.22

Delta Industrial Automation DOPSoft ICSA-18-151-01 Multiple Security Vulnerabilities

Delta Industrial Automation DOPSoft is prone to the following security vulnerabilities:

1. A remote code-execution vulnerability
2. A stack-based buffer-overflow vulnerability
3. A heap-based buffer-overflow vulnerability

An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed attacks will cause denial of service conditions.

DOPSoft 4.00.04 and prior are vulnerable.

Delta Industrial Automation DOPSoft ICSA-18-151-01 Multiple Security Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Delta Industrial Automation DOPSoft ICSA-18-151-01 Multiple Security Vulnerabilities

References:

• Delta Electronics Homepage (Delta Electronics)
  
• ICSA-18-151-01 Delta Industrial Automation DOPSoft (CERT)