Delta Electronics PMSoft Mitigation

Thursday, April 26, 2018 @ 03:04 PM gHale

Delta Electronics has a plan to mitigate multiple stack-based buffer overflow vulnerabilities in its PMSoft product, according to a report from ICS-CERT.

Successful exploitation of these vulnerabilities, discovered by Ghirmay Desta, working with Trend Micro’s Zero Day Initiative, could cause the application to crash; stack-based buffer overflow conditions may allow arbitrary code execution.


PMSoft, a software development tool for motion controllers, suffers from the vulnerabilities in v2.10 or prior.

The application has multiple stack-based buffer overflow vulnerabilities where a .ppm file can supply a value larger than PMSoft’s fixed-length stack buffer can hold. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash.
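The check that closes this class of bug, as an added example that is not Delta's code: a length taken from an untrusted file is validated against both the file size and the fixed-size destination before any copy. The record layout, function names and sample bytes are hypothetical, since the advisory does not describe the .ppm format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (NOT the real .ppm format):
 * [2-byte little-endian length][length bytes of name] */
#define NAME_BUF_SIZE 32   /* fixed-length stack buffer, as in the advisory's description */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Copies one length-prefixed field from an untrusted file image into a
 * fixed-size buffer. The unsafe pattern is the same memcpy with neither
 * of the two comparisons below: the file then decides how many bytes land
 * on the stack. */
int read_name_field(const uint8_t *file, size_t file_len,
                    char *out, size_t out_size)
{
    if (file_len < 2)
        return PARSE_TRUNCATED;              /* no room for the length prefix */

    size_t declared = (size_t)file[0] | ((size_t)file[1] << 8);

    if (declared > file_len - 2)
        return PARSE_TRUNCATED;              /* length claims more data than the file holds */
    if (out_size == 0 || declared >= out_size)
        return PARSE_TOO_LONG;               /* would overrun the buffer (1 byte kept for NUL) */

    memcpy(out, file + 2, declared);
    out[declared] = '\0';
    return PARSE_OK;
}

/* Caller with the fixed-length stack buffer; rejects the file instead of overflowing. */
int load_record(const uint8_t *file, size_t file_len)
{
    char name[NAME_BUF_SIZE];
    return read_name_field(file, file_len, name, sizeof name);
}

int main(void)
{
    /* Constructed sample: declared length 5, payload "axis1". */
    const uint8_t sample[] = { 5, 0, 'a', 'x', 'i', 's', '1' };
    printf("status=%d\n", load_record(sample, sizeof sample));
    return 0;
}
```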

CVE-2018-8839 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 7.1.

The product sees action mainly in the critical manufacturing sector. It also sees use on a global basis.

No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.

Taiwan-based Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, or to the latest available version.
