CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27293 – Delta Industrial Automation CNCSoft-B DOPSoft DPA File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27293
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics CNCSoft-B versiones 1.0.0.2 y anteriores, presenta un problema de confusión de tipos al procesar archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files by the DOPSoft program. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-04 https://www.zerodayinitiative.com/advisories/ZDI-21-045 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27289 – Delta Industrial Automation CNCSoft-B DOPSoft DPA File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27289
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics CNCSoft-B versiones 1.0.0.2 y anteriores, presenta un problema de desreferencia de puntero null mientras procesa archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files in the DOPSoft application. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-04 https://www.zerodayinitiative.com/advisories/ZDI-21-040 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27291 – Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27291
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics CNCSoft-B versiones 1.0.0.2 y anteriores, es vulnerable a una lectura fuera de límites mientras procesa archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files in the DOPSoft application. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-04 https://www.zerodayinitiative.com/advisories/ZDI-21-042 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27287 – Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27287
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics CNCSoft-B versiones 1.0.0.2 y anteriores es vulnerable a una escritura fuera de límites mientras procesa archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files in the DOPSoft application. The issue results from the lack of proper validation of user-supplied data, which can result in a write after the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-04 https://www.zerodayinitiative.com/advisories/ZDI-21-030 https://www.zerodayinitiative.com/advisories/ZDI-21-031 https://www.zerodayinitiative.com/advisories/ZDI-21-041 https://www.zerodayinitiative.com/advisories/ZDI-21-043 https://www.zerodayinitiative.com/advisories/ZDI-21-044 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27275 – Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27275
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics DOPSoft versiones 4.0.8.21 y anteriores, es vulnerable a una escritura fuera de límites mientras procesa archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of a data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05 https://www.zerodayinitiative.com/advisories/ZDI-21-028 https://www.zerodayinitiative.com/advisories/ZDI-21-029 https://www.zerodayinitiative.com/advisories/ZDI-21-032 https://www.zerodayinitiative.com/advisories/ZDI-21-034 https://www.zerodayinitiative.com/advisories/ZDI-21-035 https://www.zerodayinitiative.com/advisories/ZDI-21-036 https://www.zerodayinitiative.com/advisories/ZDI-21-037 https://www.zerodayinitiative.com/advisories/ZDI-21& • CWE-787: Out-of-bounds Write •