July 28, 2020

CISA has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.

July 1, 2020

CISA has published an advisory on out-of-bounds read and heap-based buffer overflow vulnerabilities in Delta Industrial Automation DOPSoft. Versions 4.00.08.15 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Electronics is currently planning to release Version 4.00.08.17 (or later) that corrects these vulnerabilities in July 2020. Delta Electronics recommends affected users restrict the interaction with the application to trusted files until the update is available for release. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.