CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13544 – Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13544
Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution. Delta Electronics TPEditor, Versiones 1.94 y anteriores. Pueden ser explotadas múltiples vulnerabilidades de escritura fuera de límites mediante el procesamiento de archivos de proyecto especialmente diseñados, que pueden permitir una ejecución de código remota. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. • https://www.us-cert.gov/ics/advisories/icsa-19-253-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17929 – Delta Industrial Automation TPEditor MRC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17929
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code. En TPEditor, de Delta Industrial Automation TPEditor, en versiones 1.90 y anteriores, podrían explotarse vulnerabilidades de desbordamiento de búfer basado en pila procesando archivos de proyecto especialmente manipulados que carecen de validación de entradas por parte del usuario antes de copiar los datos de los archivos de proyecto en la pila, lo que podría permitir que un atacante ejecute código arbitrario de forma remota. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MRC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • http://www.securityfocus.com/bid/105682 https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17927 – Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17927
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution. En TPEditor, de Delta Industrial Automation TPEditor, en versiones 1.90 y anteriores, podrían explotarse múltiples vulnerabilidades de escritura fuera de límites procesando archivos de proyecto especialmente manipulados que carecen de validación de entradas por parte del usuario, lo que podría provocar que el sistema escriba fuera del área del búfer planeado y podría permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TPE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • http://www.securityfocus.com/bid/105682 https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-8871
https://notcve.org/view.php?id=CVE-2018-8871
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. En Delta Electronics Automation TPEditor, en versiones 1.89 o anteriores, el análisis de un archivo de programa mal formado puede provocar una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap), lo que permite la ejecución remota de código. • http://www.securityfocus.com/bid/104216 https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •