CVE-2018-10623

{"id": "CVE-2018-10623", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-06-18T19:29:00.293", "references": [{"url": "http://www.securityfocus.com/bid/104375", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash."}, {"lang": "es", "value": "Delta Industrial Automation DOPSoft, de Delta Electronics, en versiones 4.00.04 y anteriores, realiza operaciones de lectura en un b\u00fafer de memoria en el que la posici\u00f3n puede ser determinada por una lectura de valor desde un archivo .dpa. Esto podr\u00eda provocar la restricci\u00f3n incorrecta de operaciones en los l\u00edmites del b\u00fafer de memoria, permitir la ejecuci\u00f3n remota de c\u00f3digo, alterar el flujo de control planeado, permitir la lectura de informaci\u00f3n sensible o hacer que la aplicaci\u00f3n se cierre inesperadamente."}], "lastModified": "2019-10-09T23:32:56.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA105864-87DC-4A4A-90CF-A55CE057DE5F", "versionEndIncluding": "4.00.04"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}