Delta Electronics Clears DOPSoft Hole

Thursday, March 1, 2018 @ 03:03 PM gHale

Delta Electronics has new software to mitigate a stack-based buffer overflow in its Delta Industrial Automation DOPSoft, according to a report with ICS-CERT.

A human machine interface (HMI), Delta Industrial Automation DOPSoft, Version 4.00.01 or prior suffer from the remotely exploitable vulnerability, discovered by Ghirmay Desta working with Trend Micro’s Zero Day Initiative (ZDI).

RELATED STORIES
Moxa Fixes OnCell G3100-HSPA Series
Siemens Fixing SIMATIC, SIMOTION, SINUMERIK
Philips Fixing ISP Vulnerabilities
Medtronic 2090 Carelink Programmer Vulnerabilities

Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash; a buffer overflow condition may allow remote code execution.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code.

CVE-2018-5476 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

The product sees use mainly in the commercial facilities, communications, critical manufacturing, energy, and healthcare and public health sectors. It also sees action on a global basis.

Taiwan-based Delta Electronics recommends affected users update to the latest version of DOPSoft Version 4.00.04.

Delta Electronics also recommends users restrict the interaction with the application to trusted files.



Leave a Reply

You must be logged in to post a comment.