| Title | DELTA WPLSoft software heap overflow vulnerability |
|---|---|
| Description | A man-in-the-middle attack is used to hijack the data flow between the WPLSoft software and the PLC device. The packets replied by the PLC device are tampered with and forwarded to WPLSoft, which triggers a heap overflow in WPLSoft and crashes the software.<br>1. Use a man-in-the-middle hijacking script to hijack and forward the data flow.<br>2. Configure WPLSoft to use the specified proxy IP.<br>3. When the software is operated normally to upload the PLC device program and the actual length of the Modbus packet is inconsistent with its length field, the software crashes.<br>4. Locating the recv call and tracking the data flow in memory shows that the source code memcpy's the Modbus data onto the heap, using the length field of the Modbus packet as the copy length.<br>5. Further debugging showed that the crash occurs because, when the value of the length field is large enough, the memcpy writes the data in memory into the .rdata read-only data segment, so the program crashes and exits abnormally. |
| Source | https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3?usp=drive_link |
| User | Anonymous User |
| Submission | 09/21/2023 14:13 (3 years ago) |
| Moderation | 10/09/2023 15:46 (18 days later) |
| Status | Accepted |
| VulDB entry | 241583 [Delta Electronics WPLSoft up to 2.51 Modbus Data Packet heap-based overflow] |
| Points | 20 |
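The check the report describes as missing, shown in C as an added example (this is not WPLSoft code; the report does not show the product's internals). It parses the Modbus/TCP MBAP header as laid out in the Modbus/TCP specification and refuses to memcpy unless the length field is within the protocol maximum and equals the number of bytes actually received from the socket. The sample frames are constructed for this example, not captured from a real PLC.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Modbus/TCP MBAP header (7 bytes): transaction id, protocol id, length, unit id.
 * The 16-bit length field counts the bytes that FOLLOW it: unit id + PDU.
 * A Modbus PDU is at most 253 bytes, so a valid length field is 1..254. */
#define MBAP_HEADER_LEN 7
#define MODBUS_MAX_PDU 253
#define MODBUS_MAX_LENGTH_FIELD (MODBUS_MAX_PDU + 1)

enum mb_status {
    MB_OK = 0,
    MB_ERR_TRUNCATED_HEADER,    /* fewer than 7 bytes received */
    MB_ERR_BAD_PROTOCOL,        /* protocol id is not 0 (Modbus) */
    MB_ERR_LENGTH_OUT_OF_RANGE, /* length field outside 1..254 */
    MB_ERR_LENGTH_MISMATCH      /* length field disagrees with bytes actually received */
};

struct mb_frame {
    uint16_t transaction_id;
    uint8_t  unit_id;
    uint8_t  pdu[MODBUS_MAX_PDU]; /* fixed-size destination; the copy below is bounded to it */
    size_t   pdu_len;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate a received frame before any byte is copied. `received` is the byte
 * count the socket actually returned, which the report says the length field
 * was never compared against. */
enum mb_status mb_parse_frame(const uint8_t *buf, size_t received, struct mb_frame *out)
{
    if (received < MBAP_HEADER_LEN)
        return MB_ERR_TRUNCATED_HEADER;
    if (be16(buf + 2) != 0)
        return MB_ERR_BAD_PROTOCOL;

    uint16_t length = be16(buf + 4);
    if (length < 1 || length > MODBUS_MAX_LENGTH_FIELD)
        return MB_ERR_LENGTH_OUT_OF_RANGE;
    /* Cross-check: the field must account for exactly the bytes on the wire. */
    if ((size_t)length != received - 6)
        return MB_ERR_LENGTH_MISMATCH;

    out->transaction_id = be16(buf);
    out->unit_id = buf[6];
    out->pdu_len = (size_t)length - 1;   /* at most 253, so it always fits in out->pdu */
    memcpy(out->pdu, buf + MBAP_HEADER_LEN, out->pdu_len);
    return MB_OK;
}

/* Parse and discard the frame, returning only the verdict. */
enum mb_status mb_check(const uint8_t *buf, size_t received)
{
    struct mb_frame f;
    return mb_parse_frame(buf, received, &f);
}

/* PDU length of a frame that parses cleanly, or 0 if it is rejected. */
size_t mb_pdu_length(const uint8_t *buf, size_t received)
{
    struct mb_frame f;
    return mb_parse_frame(buf, received, &f) == MB_OK ? f.pdu_len : 0;
}

/* Constructed sample frames for this example. */
/* Well-formed Read Holding Registers (0x03) response carrying one register, 0x1234. */
const uint8_t SAMPLE_OK[]       = {0x00,0x01, 0x00,0x00, 0x00,0x05, 0x01, 0x03, 0x02, 0x12,0x34};
/* Same payload with the length field forged to 0xFFFF: rejected by the range check. */
const uint8_t SAMPLE_HUGE[]     = {0x00,0x02, 0x00,0x00, 0xFF,0xFF, 0x01, 0x03, 0x02, 0x12,0x34};
/* Length field 0x20 is within spec but claims 32 bytes while only 5 follow it. */
const uint8_t SAMPLE_MISMATCH[] = {0x00,0x03, 0x00,0x00, 0x00,0x20, 0x01, 0x03, 0x02, 0x12,0x34};
/* Fewer bytes than an MBAP header. */
const uint8_t SAMPLE_SHORT[]    = {0x00,0x04, 0x00};

int main(void)
{
    printf("ok       -> %d (pdu_len %zu)\n", mb_check(SAMPLE_OK, sizeof SAMPLE_OK),
           mb_pdu_length(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("huge     -> %d\n", mb_check(SAMPLE_HUGE, sizeof SAMPLE_HUGE));
    printf("mismatch -> %d\n", mb_check(SAMPLE_MISMATCH, sizeof SAMPLE_MISMATCH));
    printf("short    -> %d\n", mb_check(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
```

The second frame is rejected by the protocol-maximum check alone; the third passes that check and is only caught by comparing the field against the received byte count, which is why both checks are needed before the copy length is trusted.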