CVE-2018-10623 - OpenCVE

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Deltaww	Delta Industrial Automation Dopsoft

Configuration 1 [-]

cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104375
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-06-18T19:00:00Z

Updated: 2024-09-17T01:11:08.499Z

Reserved: 2018-05-01T00:00:00

Link: CVE-2018-10623

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-18T19:29:00.293

Modified: 2019-10-09T23:32:56.633

Link: CVE-2018-10623

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Delta Industrial Automation DOPSoft", "vendor": "Delta Electronics", "versions": [{"status": "affected", "version": "Version 4.00.04 and prior."}]}], "datePublic": "2018-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "OUT-OF-BOUNDS READ CWE-125", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-19T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "104375", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104375"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-31T00:00:00", "ID": "CVE-2018-10623", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Delta Industrial Automation DOPSoft", "version": {"version_data": [{"version_value": "Version 4.00.04 and prior."}]}}]}, "vendor_name": "Delta Electronics"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "OUT-OF-BOUNDS READ CWE-125"}]}]}, "references": {"reference_data": [{"name": "104375", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104375"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:46.153Z"}, "title": "CVE Program Container", "references": [{"name": "104375", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104375"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10623", "datePublished": "2018-06-18T19:00:00Z", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2024-09-17T01:11:08.499Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA105864-87DC-4A4A-90CF-A55CE057DE5F", "versionEndIncluding": "4.00.04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash."}, {"lang": "es", "value": "Delta Industrial Automation DOPSoft, de Delta Electronics, en versiones 4.00.04 y anteriores, realiza operaciones de lectura en un b\u00fafer de memoria en el que la posici\u00f3n puede ser determinada por una lectura de valor desde un archivo .dpa. Esto podr\u00eda provocar la restricci\u00f3n incorrecta de operaciones en los l\u00edmites del b\u00fafer de memoria, permitir la ejecuci\u00f3n remota de c\u00f3digo, alterar el flujo de control planeado, permitir la lectura de informaci\u00f3n sensible o hacer que la aplicaci\u00f3n se cierre inesperadamente."}], "id": "CVE-2018-10623", "lastModified": "2019-10-09T23:32:56.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-18T19:29:00.293", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104375"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}