
Delta Electronics has an updated version available to mitigate stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds write vulnerabilities in its TPEditor, according to a report with CISA.

Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, or may crash the application.

TPEditor is programming software for Delta text panels. Versions 1.94 and prior suffer from the issues, which were discovered by kimiya of 9sg Security Team working with Trend Micro’s Zero Day Initiative (ZDI).

Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.


CVE-2019-13540 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 7.8.

In addition, there are multiple heap-based buffer overflow vulnerabilities that may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.

CVE-2019-13536 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 7.8.

Also, there are multiple out-of-bounds write vulnerabilities that may be exploited by processing specially crafted project files, which may allow remote code execution.

CVE-2019-13544 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 7.8.

The product sees use mainly in the critical manufacturing sector and is deployed on a global basis.

No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely. However, an attacker with low skill level could leverage the issues.

Taiwan-based Delta Electronics recommends affected users update to the latest version of Delta Industrial Automation TPEditor, Version 1.95.

Delta Electronics also recommends affected users restrict the interaction with the application to trusted files.
