Teledyne DALSA has updated software to mitigate a stack-based buffer overflow in its Sherlock product, according to a report with NCCIC.
Successful exploitation of this vulnerability, discovered by Robert Hawes, could crash the device being accessed; a buffer overflow condition may allow remote code execution.
Sherlock, a machine vision software interface, suffers from the vulnerability in Version 184.108.40.206 and prior.
A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CVE-2018-17930 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.
The product sees use mainly in the critical manufacturing sector and is deployed worldwide.
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. However, an attacker with low skill level could leverage the vulnerability.
Canada-based Teledyne DALSA recommends users upgrade to Sherlock Version 220.127.116.11 or later.