CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16199 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16199
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Industrial Automation CNCSoft ScreenEditor, versiones 1.01.23 y anteriores. Múltiples vulnerabilidades de desbordamiento del búfer en la región stack de la memoria pueden ser explotadas al procesar archivos de proyecto especialmente diseñados, que pueden permitir a un atacante leer y modificar información, ejecutar código arbitrario y/o bloquear la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. • https://us-cert.cisa.gov/ics/advisories/icsa-20-217-01 https://www.zerodayinitiative.com/advisories/ZDI-20-939 https://www.zerodayinitiative.com/advisories/ZDI-20-940 https://www.zerodayinitiative.com/advisories/ZDI-20-943 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16201 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-16201
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information. Delta Industrial Automation CNCSoft ScreenEditor, versiones 1.01.23 y anteriores. Múltiples vulnerabilidades de lectura fuera de límites pueden ser explotadas al procesar archivos de proyecto especialmente diseñados, que pueden permitir a un atacante leer información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. • https://us-cert.cisa.gov/ics/advisories/icsa-20-217-01 https://www.zerodayinitiative.com/advisories/ZDI-20-941 https://www.zerodayinitiative.com/advisories/ZDI-20-942 https://www.zerodayinitiative.com/advisories/ZDI-20-944 https://www.zerodayinitiative.com/advisories/ZDI-20-945 https://www.zerodayinitiative.com/advisories/ZDI-20-946 https://www.zerodayinitiative.com/advisories/ZDI-20-947 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16203 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Uninitialized Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16203
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Industrial Automation CNCSoft ScreenEditor, versiones 1.01.23 y anteriores. Un puntero no inicializado puede ser explotado al procesar un archivo de proyecto especialmente diseñado. • https://us-cert.cisa.gov/ics/advisories/icsa-20-217-01 https://www.zerodayinitiative.com/advisories/ZDI-20-948 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-7002 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7002
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file. Delta Industrial Automation CNCSoft ScreenEditor, versiones v1.00.96 y anteriores. Múltiples desbordamientos de búfer en la región stack ??de la memoria pueden ser explotados cuando un usuario válido abre un archivo de entrada malicioso especialmente diseñado. • https://www.us-cert.gov/ics/advisories/icsa-20-077-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6976 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Giffile Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-6976
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation. Delta Industrial Automation CNCSoft ScreenEditor, versiones v1.00.96 y anteriores. Un desbordamiento de lectura fuera de límites puede ser explotado cuando un usuario válido abre un archivo de entrada malicioso especialmente diseñado debido a la falta de comprobación. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. • https://www.us-cert.gov/ics/advisories/icsa-20-077-01 • CWE-125: Out-of-bounds Read •