CVE-2018-10623
CRITICALDeltaww Delta Industrial Automation Dopsoft < 4.00.04 - Out-of-Bounds Read
Title source: ruleDescription
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104375
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01
Scores
CVSS v3
9.8
EPSS
0.0270
EPSS Percentile
86.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (1)
deltaww/delta_industrial_automation_dopsoft
< 4.00.04
Published
Jun 18, 2018
Tracked Since
Feb 18, 2026