CVE-2018-5476 – Delta Industrial Automation DOPSoft DPA File SysKeyPwd Stack-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2018-5476

A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. Una vulnerabilidad de desbordamiento de búfer basado en pila se ha descubierto en Delta Electronics Delta Industrial Automation DOPSoft en sus versiones 4.00.01 y anteriores. Las vulnerabilidades de desbordamiento de búfer basado en pila provocadas por el procesamiento de archivos .dop y .dpb especialmente manipulados podrían permitir que un atacante ejecute código arbitrario remotamente. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. • http://www.securityfocus.com/bid/103195 https://ics-cert.us-cert.gov/advisories/ICSA-18-060-03 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •