CVSS: 7.8EPSS: 88%CPEs: 1EXPL: 0CVE-2021-38406 – Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-38406
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. Delta Electronic DOPSoft 2 (versiones 2.00.07 y anteriores) no comprueban apropiadamente los datos suministrados por el usuario cuando analiza archivos de proyecto específicos. Esto podría resultar en múltiples instancias de escritura fuera de límites. • https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27412
https://notcve.org/view.php?id=CVE-2021-27412
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. Delta Electronics DOPSoft versiones 4.0.10.17 y anteriores son vulnerables a una lectura fuera de límites, lo que puede permitir a un atacante ejecutar código arbitrario • https://us-cert.cisa.gov/ics/advisories/icsa-21-182-03 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27455
https://notcve.org/view.php?id=CVE-2021-27455
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. Delta Electronics DOPSoft versiones 4.0.10.17 y anteriores son vulnerables a una lectura fuera de límites al procesar archivos de proyectos, lo que podría permitir a un atacante revelar información • https://us-cert.cisa.gov/ics/advisories/icsa-21-182-03 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22672 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22672
Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code. CNCSoft ScreenEditor de Delta Electronics en versiones anteriores a v1.01.30, podría permitir la corrupción de datos, una condición de denegación de servicio o la ejecución de código. La vulnerabilidad puede permitir a un atacante ejecutar remotamente código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. • https://us-cert.cisa.gov/ics/advisories/icsa-21-124-02 https://www.zerodayinitiative.com/advisories/ZDI-21-524 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27480
https://notcve.org/view.php?id=CVE-2021-27480
Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code. Delta Industrial Automation COMMGR versiones 1.12 y anteriores, son vulnerables a un desbordamiento de búfer en la región stack de la memoria, lo que puede permitir a un atacante ejecutar código remoto • https://us-cert.cisa.gov/ics/advisories/icsa-21-110-03 • CWE-121: Stack-based Buffer Overflow •