CVE-2020-10597

Опубликовано: 20 мар. 2020

Источник: nvd

CVSS3: 7.1

CVSS2: 5.8

EPSS Низкий

Описание

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information and/or crash the application.

Ссылки

https://www.us-cert.gov/ics/advisories/icsa-20-182-01
Third Party Advisory
US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-182-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*

Версия до 4.00.08.15 (включая)

EPSS

Процентиль: 37%

0.00156

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-xjhq-mcqp-qfx3

github

больше 3 лет назад

The affected insulin pump is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.