CVE-2018-10623
CRITICALDelta Industrial Automation DOPSoft < 4.00.04 - Out-of-bounds Read via .dpa File
Title source: llmDescription
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104375
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01
Scores
CVSS v3
9.8
EPSS
0.0358
EPSS Percentile
88.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (1)
deltaww/delta_industrial_automation_dopsoft
< 4.00.04
Published
Jun 18, 2018
Tracked Since
Feb 18, 2026