Key Information

Alert Code: ICSA-18-004-01
Vendor: Delta Electronics, Incorporated (Delta Electronics)
Equipment: Delta Industrial Automation Screen Editor
Vulnerabilities:
- Stack-Based Buffer Overflow (CWE-121)
- Use-after-Free (CWE-416)
- Out-of-bounds Write (CWE-787)
- Type Confusion (CWE-843)
CVSS v3 Score: 5.5
Attention: Low skill level to exploit
Affected Products: Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior
Impact: Successful exploitation may allow an attacker to remotely execute arbitrary code
Mitigation: Update to the latest version of DOPSoft Version 2

Vulnerability Overview

Stack-Based Buffer Overflow (CWE-121):
- CVE: CVE-2017-16751
- CVSS v3 Base Score: 5.5
- CVSS Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Use-after-Free (CWE-416):
- CVE: CVE-2017-16749
- CVSS v3 Base Score: 5.5
- CVSS Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Out-of-bounds Write (CWE-787):
- CVE: CVE-2017-16747
- CVSS v3 Base Score: 5.5
- CVSS Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Access of Resource Using Incompatible Type ('type confusion') (CWE-843):
- CVE: CVE-2017-16745
- CVSS v3 Base Score: 5.5
- CVSS Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Researcher Steven Seeley of Source Incite reported these vulnerabilities to ICS-CERT.