9.8

CVE-2018-10623

EPSS 2.7%
Veröffentlicht 18.06.2018 19:29:00
Zuletzt bearbeitet 21.11.2024 03:41:41
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Deltaww ≫ Delta Industrial Automation Dopsoft Version <= 4.00.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.7%	0.855

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/104375

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2018-10623

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-10623

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-10623

EUVD