Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2017-16745

High

7.8/10

Summary

A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References

Advisory Timeline

Published Mar 15, 2018

Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2017-16745

Summary

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS