CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14824 – Delta Industrial Automation PMSoft rtl60 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-14824
Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. Delta Industrial Automation PMSoft v2.11 o anteriores, de Delta Electronics, tiene una vulnerabilidad de lectura fuera de límites que puede ejecutarse al procesar archivos de proyecto. Esto podría permitir que un atacante lea información confidencial. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation PMSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PPM files. • http://www.deltaww.com/services/DownloadCenter2.aspx?secID=8&pid=2&tid=0&CID=06&itemID=060301&typeID=1&downloadID=%2C&title=--%20Select%20Product%20Series%20--&dataType=8%3B&check=1&hl=en-US http://www.securityfocus.com/bid/105409 https://ics-cert.us-cert.gov/advisories/ICSA-18-270-04 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8839
https://notcve.org/view.php?id=CVE-2018-8839
Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version. Delta PMSoft, en versiones 2.10 y anteriores, tiene múltiples vulnerabilidades de desbordamiento de búfer basado en pila en las que un archivo .ppm puede introducir un valor más grande del que el búfer de pila de tamaño fijo de PMSoft puede leer. • http://www.securityfocus.com/bid/104013 https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •