CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32969 – Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2021-32969
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. Delta Electronics DIAScreen versiones anteriores a 1.1.0, son vulnerables a una condición de escritura fuera de límites, lo que puede resultar en un bloqueo del sistema o permitir a un atacante una ejecución de código remota arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32965 – Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2021-32965
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. Delta Electronics DIAScreen versiones anteriores a 1.1.0, son vulnerables a la confusión de tipos, lo que puede permitir a un atacante ejecutar remotamente código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43982 – Delta Electronics CNCSoft
https://notcve.org/view.php?id=CVE-2021-43982
Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Delta Electronics CNCSoft versiones 1.01.30 y anteriores, son vulnerables a un desbordamiento del búfer en la región stack de la memoria, que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files in the ScreenEditor module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-03 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38488 – Delta Electronics DIALink
https://notcve.org/view.php?id=CVE-2021-38488
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code. Delta Electronics DIALink versiones 1.2.4.0 y anteriores, es vulnerable a un ataque de tipo cross-site scripting porque un atacante autenticado puede inyectar código JavaScript arbitrario en el comentario del parámetro de los eventos API, que puede permitir a un atacante ejecutar código de forma remota • https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38416 – Delta Electronics DIALink
https://notcve.org/view.php?id=CVE-2021-38416
Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. Delta Electronics DIALink versiones 1.2.4.0 y anteriores, cargan bibliotecas de forma no segura, lo que puede permitir a un atacante usar un secuestro de DLL y tomar el control del sistema donde está instalado el software • https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02 • CWE-427: Uncontrolled Search Path Element •