Sign-up

ID

VAR-201704-1593


TITLE

Delta PLC software (Delta WPLSoft) handles memory corruption vulnerability in DVP format

Trust: 0.6

sources: CNVD: CNVD-2017-03787

DESCRIPTION

Delta PLC programming software (Delta WPLSoft) is a programming software. Delta PLC programming software (Delta WPLSoft) has a memory corruption vulnerability in processing DVP format files, allowing attackers to crash the program by constructing a malformed DVP format. If successfully exploited, it can cause arbitrary code execution

Trust: 0.9

sources: CNVD: CNVD-2017-03787 // IVD: a160e317-b65c-4079-adb3-8cdf8e1c623b // IVD: e300c4a0-39ab-11e9-aba3-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: a160e317-b65c-4079-adb3-8cdf8e1c623b // IVD: e300c4a0-39ab-11e9-aba3-000c29342cb1 // CNVD: CNVD-2017-03787

AFFECTED PRODUCTS

vendor:zhongda dentsumodel:delta plc programming softwarescope:eqversion:2.42.11

Trust: 1.0

sources: IVD: a160e317-b65c-4079-adb3-8cdf8e1c623b // IVD: e300c4a0-39ab-11e9-aba3-000c29342cb1 // CNVD: CNVD-2017-03787

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-03787
value: LOW

Trust: 0.6

IVD: a160e317-b65c-4079-adb3-8cdf8e1c623b
value: LOW

Trust: 0.2

IVD: e300c4a0-39ab-11e9-aba3-000c29342cb1
value: LOW

Trust: 0.2

CNVD: CNVD-2017-03787
severity: LOW
baseScore: 3.8
vectorString: AV:L/AC:H/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a160e317-b65c-4079-adb3-8cdf8e1c623b
severity: LOW
baseScore: 3.8
vectorString: AV:L/AC:H/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: e300c4a0-39ab-11e9-aba3-000c29342cb1
severity: LOW
baseScore: 3.8
vectorString: AV:L/AC:H/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: a160e317-b65c-4079-adb3-8cdf8e1c623b // IVD: e300c4a0-39ab-11e9-aba3-000c29342cb1 // CNVD: CNVD-2017-03787

TYPE

Resource management error

Trust: 0.4

sources: IVD: a160e317-b65c-4079-adb3-8cdf8e1c623b // IVD: e300c4a0-39ab-11e9-aba3-000c29342cb1

PATCH

title:Delta PLC software (Delta WPLSoft) handles memory corruption vulnerability in DVP formaturl:https://www.cnvd.org.cn/patchinfo/show/91305

Trust: 0.6

sources: CNVD: CNVD-2017-03787

EXTERNAL IDS

db:CNVDid:CNVD-2017-03787

Trust: 1.0

db:IVDid:A160E317-B65C-4079-ADB3-8CDF8E1C623B

Trust: 0.2

db:IVDid:E300C4A0-39AB-11E9-ABA3-000C29342CB1

Trust: 0.2

sources: IVD: a160e317-b65c-4079-adb3-8cdf8e1c623b // IVD: e300c4a0-39ab-11e9-aba3-000c29342cb1 // CNVD: CNVD-2017-03787

SOURCES

db:IVDid:a160e317-b65c-4079-adb3-8cdf8e1c623b
db:IVDid:e300c4a0-39ab-11e9-aba3-000c29342cb1
db:CNVDid:CNVD-2017-03787

LAST UPDATE DATE

2022-05-17T01:59:57.799000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-03787date:2018-11-06T00:00:00

SOURCES RELEASE DATE

db:IVDid:a160e317-b65c-4079-adb3-8cdf8e1c623bdate:2017-04-01T00:00:00
db:IVDid:e300c4a0-39ab-11e9-aba3-000c29342cb1date:2017-04-01T00:00:00
db:CNVDid:CNVD-2017-03787date:2017-05-15T00:00:00