Delta Electronics has an update available to mitigate an out-of-bound read for its Delta Industrial Automation PMSoft, according to a report with NCCIC.
Successful exploitation of this remotely exploitable vulnerability could allow an attacker to read confidential information.
A software development tool for motion controllers, Delta Industrial Automation PMSoft v2.11 or prior suffer from the vulnerability, discovered by Mat Powell of Trend Micro’s Zero Day Initiative.
An out-of-bounds read vulnerability can be executed when processing project files, which may allow an attacker to read confidential information.
CVE-2018-14824 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.3.
The product sees use mainly in the critical manufacturing sector and it sees action on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
Taiwan-based Delta Electronics recommends affected users update to at least PMSoft v2.12, which was made available as of September 18, or the latest available version. Click here to download the update.