Critical vulnerabilities fixed in Delta Industrial Automation DOPSoft

Critical vulnerabilities fixed in Delta Industrial Automation DOPSoft

By default, there is no picture in this Topic


Both problems were fixed in DOPSoft version 4.00.06.47.

A vulnerability was discovered in Delta Industrial Automation DOPSoft from a Taiwanese company, Delta Electronics, which could lead to information leakage, remote code execution, and application crash.

Delta Industrial Automation DOPSoft is a human-machine interface editing software. The product is used in critical infrastructure manufacturing plants around the world.

The first vulnerability is multiple vulnerabilities combined under one CVE identifier (CVE-2019-13513) and allowing data to be read outside the allocated memory area. Vulnerabilities arise when a program processes a specially configured project file. According to the CVSS v3 vulnerability assessment system, she received 7.8 points out of a maximum of 10.

The second vulnerability is a memory free vulnerability (CVE-2019-13514) after use. As in the first case, it arises when the program processes a specially configured project file. According to the CVSS v3 vulnerability assessment system, she received 7.8 points out of a maximum of 10.

Both problems were fixed in DOPSoft version 4.00.06.47. No information was received about their exploitation in real attacks.


Securitylab.ru
Source link




TAGS
Share This

COMMENTS

Wordpress (0)
Disqus (0 )