CVE-2020-27277 – Delta Industrial Automation DOPSoft XLS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27277
Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics DOPSoft versiones 4.0.8.21 y anteriores, presenta un problema de desreferencia de puntero null al procesar archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05 https://www.zerodayinitiative.com/advisories/ZDI-21-033 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •
CVE-2020-16225 – Delta Industrial Automation TPEditor TPE File Parsing Write-what-where Condition Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16225
Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Electronics TPEditor Versiones 1.97 y anteriores. Una condición de escribir qué y donde puede ser explotada al procesar un archivo de proyecto especialmente diseñado. • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-04 https://www.zerodayinitiative.com/advisories/ZDI-20-964 • CWE-123: Write-what-where Condition CWE-787: Out-of-bounds Write •
CVE-2020-16227 – Delta Industrial Automation TPEditor TPE File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16227
Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Electronics TPEditor Versiones 1.97 y anteriores. Una comprobación de entrada inapropiada puede ser explotada al procesar un archivo de proyecto especialmente diseñado que no se valida cuando un usuario ingresa los datos. • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-04 https://www.zerodayinitiative.com/advisories/ZDI-20-965 • CWE-20: Improper Input Validation •
CVE-2020-16221 – Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16221
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Electronics TPEditor Versiones 1.97 y anteriores. Un desbordamiento del búfer en la región stack de la memoria puede ser explotado al procesar un archivo de proyecto especialmente diseñado. • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-04 https://www.zerodayinitiative.com/advisories/ZDI-20-962 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-16223 – Delta Industrial Automation TPEditor TPE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16223
Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Electronics TPEditor Versiones 1.97 y anteriores. Un desbordamiento del búfer en la región heap de la memoria puede ser explotado al procesar un archivo de proyecto especialmente diseñado. • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-04 https://www.zerodayinitiative.com/advisories/ZDI-20-966 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •