
Delta Electronics has a new version that mitigates a stack-based buffer overflow in its ISPSoft, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative, could allow an attacker to execute code under the context of the application.


ISPSoft, a PLC program development tool, suffers from the remotely exploitable vulnerability in Version 3.0.5 and prior.

If a user opens a crafted file, an attacker can cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application.


CVE-2018-14800 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The product sees use mainly in the critical manufacturing sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Taiwan-based Delta Electronics recommends affected users update to ISPSoft v3.0.6 or newer.
