cvelistv5 - cve-2018-10623

CVE-2018-10623 (GCVE-0-2018-10623)

Vulnerability from cvelistv5 – Published: 2018-06-18 19:00 – Updated: 2024-09-17 01:11

Summary

Severity ?

No CVSS data available.

CWE

CWE-125 - OUT-OF-BOUNDS READ CWE-125

Assigner

icscert

References

URL

	Vendor	Product	Version
	Delta Electronics	Delta Industrial Automation DOPSoft	Affected: Version 4.00.04 and prior.

CNVD-2018-12141

Vulnerability from cnvd - Published: 2018-06-27

Title

Delta Industrial Automation DOPSoft越界读取漏洞

Description

Delta Electronics Delta Industrial Automation DOPSoft是台达电子（Delta Electronics）公司的一套人机界面应用程序。 Delta Electronics Delta Industrial Automation DOPSoft 4.00.04及之前版本中存在越界读取漏洞，该漏洞源于程序未能正确限制内存缓冲区范围内的操作。远程攻击者可利用该漏洞执行任意代码，读取敏感信息或造成应用程序崩溃。

Severity

高

Patch Name

Delta Industrial Automation DOPSoft越界读取漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.deltaww.com/

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

Impacted products

Name
Delta Electronics Delta Industrial Automation DOPSoft <=4.00.04

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10623"
    }
  },
  "description": "Delta Electronics Delta Industrial Automation DOPSoft\u662f\u53f0\u8fbe\u7535\u5b50\uff08Delta Electronics\uff09\u516c\u53f8\u7684\u4e00\u5957\u4eba\u673a\u754c\u9762\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nDelta Electronics Delta Industrial Automation DOPSoft 4.00.04\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9650\u5236\u5185\u5b58\u7f13\u51b2\u533a\u8303\u56f4\u5185\u7684\u64cd\u4f5c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u8bfb\u53d6\u654f\u611f\u4fe1\u606f\u6216\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
  "discovererName": "B0nd @garagehackers",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.deltaww.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-12141",
  "openTime": "2018-06-27",
  "patchDescription": "Delta Electronics Delta Industrial Automation DOPSoft\u662f\u53f0\u8fbe\u7535\u5b50\uff08Delta Electronics\uff09\u516c\u53f8\u7684\u4e00\u5957\u4eba\u673a\u754c\u9762\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nDelta Electronics Delta Industrial Automation DOPSoft 4.00.04\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9650\u5236\u5185\u5b58\u7f13\u51b2\u533a\u8303\u56f4\u5185\u7684\u64cd\u4f5c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u8bfb\u53d6\u654f\u611f\u4fe1\u606f\u6216\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Delta Industrial Automation DOPSoft\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Delta Electronics Delta Industrial Automation DOPSoft \u003c=4.00.04"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01",
  "serverity": "\u9ad8",
  "submitTime": "2018-06-06",
  "title": "Delta Industrial Automation DOPSoft\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e"
}

GSD-2018-10623

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-10623

Aliases

CVE-2018-10623

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-10623",
    "description": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.",
    "id": "GSD-2018-10623"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-10623"
      ],
      "details": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.",
      "id": "GSD-2018-10623",
      "modified": "2023-12-13T01:22:41.386666Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2018-05-31T00:00:00",
        "ID": "CVE-2018-10623",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Delta Industrial Automation DOPSoft",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Version 4.00.04 and prior."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Delta Electronics"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "OUT-OF-BOUNDS READ CWE-125"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104375",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104375"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.00.04",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-10623"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"
            },
            {
              "name": "104375",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104375"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:32Z",
      "publishedDate": "2018-06-18T19:29Z"
    }
  }
}

VAR-201806-0553

Vulnerability from variot - Updated: 2023-12-18 12:50

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability 2. A stack-based buffer-overflow vulnerability 3. Failed attacks will cause denial of service conditions. DOPSoft 4.00.04 and prior are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0553",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dopsoft",
        "scope": null,
        "trust": 1.4,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "model": "delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "4.00.04"
      },
      {
        "model": "industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "4.00.04"
      },
      {
        "model": "electronics delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=4.00.04"
      },
      {
        "model": "delta industrial automation dopsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "deltaww",
        "version": "4.00.04"
      },
      {
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.0.4"
      },
      {
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.0.1"
      },
      {
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.0.5"
      },
      {
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.00.04.09"
      },
      {
        "model": "electronics inc dopsoft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.00.04.22"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "delta industrial automation dopsoft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.00.04",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "b0nd @garage4hackers",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2018-10623",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-10623",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 1.4,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-10623",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-12141",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "e3007680-39ab-11e9-b812-000c29342cb1",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-10623",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-10623",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2018-10623",
            "trust": 1.4,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-12141",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-809",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability\n2. A stack-based buffer-overflow vulnerability\n3. Failed attacks will cause denial of  service conditions. \nDOPSoft 4.00.04 and prior are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      }
    ],
    "trust": 3.87
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-10623",
        "trust": 4.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-151-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "104375",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5975",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5973",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E3007680-39AB-11E9-B812-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ]
  },
  "id": "VAR-201806-0553",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      }
    ],
    "trust": 1.7285714
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:50:44.571000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Delta Industrial Automation DOPSoft cross-border read vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/132877"
      },
      {
        "title": "Delta Industrial Automation DOPSoft Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81327"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/104375"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10623"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10623"
      },
      {
        "trust": 0.3,
        "url": "http://www.deltaww.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-27T00:00:00",
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "date": "2018-05-31T00:00:00",
        "db": "BID",
        "id": "104375"
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "date": "2018-06-18T19:29:00.293000",
        "db": "NVD",
        "id": "CVE-2018-10623"
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "date": "2018-05-31T00:00:00",
        "db": "BID",
        "id": "104375"
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "date": "2019-10-09T23:32:56.633000",
        "db": "NVD",
        "id": "CVE-2018-10623"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ],
    "trust": 0.8
  }
}

FKIE_CVE-2018-10623

Vulnerability from fkie_nvd - Published: 2018-06-18 19:29 - Updated: 2024-11-21 03:41

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/104375	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104375	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	deltaww	delta_industrial_automation_dopsoft	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA105864-87DC-4A4A-90CF-A55CE057DE5F",
              "versionEndIncluding": "4.00.04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash."
    },
    {
      "lang": "es",
      "value": "Delta Industrial Automation DOPSoft, de Delta Electronics, en versiones 4.00.04 y anteriores, realiza operaciones de lectura en un b\u00fafer de memoria en el que la posici\u00f3n puede ser determinada por una lectura de valor desde un archivo .dpa. Esto podr\u00eda provocar la restricci\u00f3n incorrecta de operaciones en los l\u00edmites del b\u00fafer de memoria, permitir la ejecuci\u00f3n remota de c\u00f3digo, alterar el flujo de control planeado, permitir la lectura de informaci\u00f3n sensible o hacer que la aplicaci\u00f3n se cierre inesperadamente."
    }
  ],
  "id": "CVE-2018-10623",
  "lastModified": "2024-11-21T03:41:41.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-18T19:29:00.293",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104375"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-18-151-01

Vulnerability from csaf_cisa - Published: 2018-05-31 00:00 - Updated: 2018-05-31 00:00

Summary

ICSA-18-151-01_Delta Industrial Automation DOPSoft

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Summary

B0nd @garagehackers working with Trend Micro 's Zero Day Initiative reported the vulnerabilities to NCCIC.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "B0nd @garagehackers"
        ],
        "organization": "Trend Micro \u0027s Zero Day Initiative",
        "summary": "reporting the vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "summary",
        "text": "B0nd @garagehackers working with Trend Micro \u0027s Zero Day Initiative reported the vulnerabilities to NCCIC.",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-151-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-151-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-151-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-151-01"
      }
    ],
    "title": "ICSA-18-151-01_Delta Industrial Automation DOPSoft",
    "tracking": {
      "current_release_date": "2018-05-31T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSA-18-151-01",
      "initial_release_date": "2018-05-31T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-05-31T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-151-01 Delta Industrial Automation DOPSoft"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 4.00.04",
                "product": {
                  "name": "DOPSoft: Version 4.00.04 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "DOPSoft"
          }
        ],
        "category": "vendor",
        "name": "Delta Electronics"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-10623",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.CVE-2018-10623 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Delta Electronics recommends affected users update to the latest version found at:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.deltaww.com/Products/PluginWebUserControl/downloadCenterCounter.aspx?DID=9063\u0026DocPath=1\u0026hl=en-US"
        },
        {
          "category": "mitigation",
          "details": "Delta Electronics also recommends affected users restrict the interaction with the application to trusted files.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2018-10623"
    }
  ]
}

GHSA-PC7R-9WG4-2R5F

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-10623"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-18T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.",
  "id": "GHSA-pc7r-9wg4-2r5f",
  "modified": "2022-05-13T01:34:58Z",
  "published": "2022-05-13T01:34:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10623"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104375"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-10623 (GCVE-0-2018-10623)

CNVD-2018-12141

GSD-2018-10623

VAR-201806-0553

FKIE_CVE-2018-10623

ICSA-18-151-01

GHSA-PC7R-9WG4-2R5F

Tags

Sightings

Nomenclature