
Teledyne DALSA has updated its software to mitigate a stack-based buffer overflow in its Sherlock product, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by Robert Hawes, could crash the device being accessed; a buffer overflow condition may allow remote code execution.

A machine vision software interface, Sherlock Version and prior suffer from the vulnerability.

A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CVE-2018-17930 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

The product is used mainly in the critical manufacturing sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. However, an attacker with low skill level could leverage the vulnerability.

Canada-based Teledyne DALSA recommends users upgrade to Sherlock Version or later.