Page 3 of 22 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. CNCSoft-B versión 1.0.0.4 de Delta Electronics y DOPSoft versiones 4.0.0.82 y anteriores son vulnerables al desbordamiento del búfer de memoria, lo que podría permitir a un atacante ejecutar código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-031-01 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-031-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en Delta Electronics DOPSoft Versiones 4.00.11 y anteriores, puede ser explotada al procesar un archivo de proyecto especialmente diseñado, lo que puede permitir a un atacante ejecutar código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TBK files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-04 https://www.zerodayinitiative.com/advisories/ZDI-21-1059 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 86%CPEs: 1EXPL: 0

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. Delta Electronic DOPSoft 2 (versiones 2.00.07 y anteriores) no comprueban apropiadamente los datos suministrados por el usuario cuando analiza archivos de proyecto específicos. Esto podría resultar en múltiples instancias de escritura fuera de límites. • https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02 • CWE-787: Out-of-bounds Write •