Teledyne DALSA Updates Sherlock Issue

Tuesday, November 20, 2018 @ 05:11 PM gHale

Teledyne DALSA has updated software to mitigate a stack-based buffer overflow in its Sherlock product, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by Robert Hawes, could crash the device being accessed; a buffer overflow condition may allow remote code execution.

Sherlock, a machine vision software interface, suffers from the vulnerability in Version 7.2.7.4 and prior.

A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CVE-2018-17930 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

The product sees use mainly in the critical manufacturing sector on a global basis.

No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. However, an attacker with low skill level could leverage the vulnerability.

Canada-based Teledyne DALSA recommends users upgrade to Sherlock Version 7.2.7.5 or later.


