CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16219 – Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16219
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Electronics TPEditor Versiones 1.97 y anteriores. Una lectura fuera de límites puede explotarse procesando archivos de proyecto especialmente diseñados. • https://us-cert.cisa.gov/ics/advisories/icsa-20-219-04 https://www.zerodayinitiative.com/advisories/ZDI-20-961 https://www.zerodayinitiative.com/advisories/ZDI-20-963 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16199 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16199
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Industrial Automation CNCSoft ScreenEditor, versiones 1.01.23 y anteriores. Múltiples vulnerabilidades de desbordamiento del búfer en la región stack de la memoria pueden ser explotadas al procesar archivos de proyecto especialmente diseñados, que pueden permitir a un atacante leer y modificar información, ejecutar código arbitrario y/o bloquear la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. • https://us-cert.cisa.gov/ics/advisories/icsa-20-217-01 https://www.zerodayinitiative.com/advisories/ZDI-20-939 https://www.zerodayinitiative.com/advisories/ZDI-20-940 https://www.zerodayinitiative.com/advisories/ZDI-20-943 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16201 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-16201
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information. Delta Industrial Automation CNCSoft ScreenEditor, versiones 1.01.23 y anteriores. Múltiples vulnerabilidades de lectura fuera de límites pueden ser explotadas al procesar archivos de proyecto especialmente diseñados, que pueden permitir a un atacante leer información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. • https://us-cert.cisa.gov/ics/advisories/icsa-20-217-01 https://www.zerodayinitiative.com/advisories/ZDI-20-941 https://www.zerodayinitiative.com/advisories/ZDI-20-942 https://www.zerodayinitiative.com/advisories/ZDI-20-944 https://www.zerodayinitiative.com/advisories/ZDI-20-945 https://www.zerodayinitiative.com/advisories/ZDI-20-946 https://www.zerodayinitiative.com/advisories/ZDI-20-947 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16203 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Uninitialized Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16203
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. Delta Industrial Automation CNCSoft ScreenEditor, versiones 1.01.23 y anteriores. Un puntero no inicializado puede ser explotado al procesar un archivo de proyecto especialmente diseñado. • https://us-cert.cisa.gov/ics/advisories/icsa-20-217-01 https://www.zerodayinitiative.com/advisories/ZDI-20-948 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14482
https://notcve.org/view.php?id=CVE-2020-14482
Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. Delta Industrial Automation DOPSoft, Versión 4.00.08.15 y anteriores. La apertura de un archivo de proyecto especialmente diseñado puede desbordar la pila, lo que puede permitir una ejecución de código remota, una divulgación y modificación de información o causar que la aplicación se bloquee • https://www.us-cert.gov/ics/advisories/icsa-20-182-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •