CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33003
https://notcve.org/view.php?id=CVE-2021-33003
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. Delta Electronics DIAEnergie Versión 1.7.5 y anteriores, pueden permitir a un atacante recuperar contraseñas en texto sin cifrar debido a un algoritmo de hashing débil. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33019 – Delta Industrial Automation DOPSoft TBK File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-33019
A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en Delta Electronics DOPSoft Versiones 4.00.11 y anteriores, puede ser explotada al procesar un archivo de proyecto especialmente diseñado, lo que puede permitir a un atacante ejecutar código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TBK files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://us-cert.cisa.gov/ics/advisories/icsa-21-238-04 https://www.zerodayinitiative.com/advisories/ZDI-21-1059 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33007 – Delta Industrial Automation TPEditor TPE File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-33007
A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. Un desbordamiento del búfer en la región heap de la memoria en Delta Electronics TPEditor: versiones v1.98.06 y anteriores, puede ser explotado al procesar un archivo de proyecto especialmente diseñado. Una explotación con éxito de esta vulnerabilidad puede permitir a un atacante ejecutar código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. • https://us-cert.cisa.gov/ics/advisories/icsa-21-236-03 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-38402 – Delta Electronics DOPSoft 2 Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-38402
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. Delta Electronic DOPSoft 2 (versiones 2.00.07 y anteriores), no comprueba apropiadamente los datos suministrados por el usuario cuando analiza archivos de proyecto específicos. Esto podría conllevar a un desbordamiento del búfer en la región stack de la memoria mientras se intenta copiar en un búfer durante el manejo de la cadena de fuentes. • https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-38404 – Delta Electronics DOPSoft 2 Heap-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-38404
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. Delta Electronic DOPSoft 2 (versiones 2.00.07 y anteriores) no comprueba apropiadamente los datos proporcionados por el usuario cuando analiza archivos de proyecto específicos. Esto podría resultar en un desbordamiento del búfer en la región heap de la memoria. • https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02 • CWE-122: Heap-based Buffer Overflow •