CVE-2018-10623

CRITICAL

Delta Industrial Automation DOPSoft < 4.00.04 - Out-of-bounds Read via .dpa File

Title source: llm
STIX 2.1

Description

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104375
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

Scores

CVSS v3 9.8
EPSS 0.0358
EPSS Percentile 88.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (1)
deltaww/delta_industrial_automation_dopsoft < 4.00.04
Published Jun 18, 2018
Tracked Since Feb 18, 2026