CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43815 – Delta Electronics Delta Industrial Automation DOPSoft DPS File wScreenDESCTextLen Buffer Overflow Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-43815
A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution. Existe una vulnerabilidad de desbordamiento del búfer en Delta Electronics Delta Industrial Automation DOPSoft versión 2 al analizar el campo wScreenDESCTextLen de un archivo DPS. Un atacante anónimo puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecución del código. • https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wscreendesctextlen-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5131 – Delta Electronics ISPSoft Heap Buffer-Overflow
https://notcve.org/view.php?id=CVE-2023-5131
A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution. Existe un desbordamiento de búfer de almacenamiento dinámico en Delta Electronics ISPSoft. Un atacante anónimo puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DVP especialmente manipulado para lograr la ejecución del código. • https://blog.exodusintel.com/2024/01/18/delta-electronics-ispsoft-heap-buffer-overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5130 – Delta Electronics WPLSoft Buffer-Overflow
https://notcve.org/view.php?id=CVE-2023-5130
A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution. Existe una vulnerabilidad de desbordamiento de búfer en Delta Electronics WPLSoft. Un atacante anónimo puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DVP especialmente manipulado para lograr la ejecución del código. • https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5944 – Delta Electronics DOPSoft Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-5944
Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file. Delta Electronics DOPSoft es vulnerable a un desbordamiento del búfer basado en pila, lo que puede permitir la ejecución de código arbitrario si un atacante puede llevar a un usuario legítimo a ejecutar un archivo especialmente manipulado. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. • https://diastudio.deltaww.com/home/downloads?sec=download#catalog https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47207 – Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2023-47207
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado ejecutar código con privilegios de administrador local. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-DataCollect service, which listens on TCP port 3000 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-502: Deserialization of Untrusted Data •