CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13540 – Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13540
Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. Delta Electronics TPEditor, versiones 1.94 y anteriores. Múltiples vulnerabilidades de desbordamiento de búfer en la región stack de la memoria pueden ser explotadas mediante el procesamiento de archivos de proyecto especialmente diseñados, lo que puede permitir a un atacante ejecutar remotamente código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. • https://www.us-cert.gov/ics/advisories/icsa-19-253-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13544 – Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13544
Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution. Delta Electronics TPEditor, Versiones 1.94 y anteriores. Pueden ser explotadas múltiples vulnerabilidades de escritura fuera de límites mediante el procesamiento de archivos de proyecto especialmente diseñados, que pueden permitir una ejecución de código remota. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. • https://www.us-cert.gov/ics/advisories/icsa-19-253-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13514 – Delta Industrial Automation DOPSoft DPA File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13514
In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. En Delta Industrial Automation DOPSoft, Versión 4.00.06.15 y anteriores, el procesamiento de un archivo de proyecto especialmente diseñado puede desencadenar una vulnerabilidad de uso de memoria previamente liberada, que puede permitir la divulgación de información, la ejecución de código remota o el bloqueo de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.us-cert.gov/ics/advisories/icsa-19-225-01 https://www.zerodayinitiative.com/advisories/ZDI-19-717 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13513 – Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13513
In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. En Delta Industrial Automation DOPSoft, Versión 4.00.06.15 y anteriores, el procesamiento de un archivo de proyecto especialmente diseñado puede desencadenar múltiples vulnerabilidades de lectura fuera de límites, lo que puede permitir una divulgación de información, la ejecución de código remota o el bloqueo de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a DPA file. The issue results from the lack of proper validation of user-supplied data, which can result in a read after the end of an allocated buffer. • https://www.us-cert.gov/ics/advisories/icsa-19-225-01 https://www.zerodayinitiative.com/advisories/ZDI-19-718 https://www.zerodayinitiative.com/advisories/ZDI-19-719 https://www.zerodayinitiative.com/advisories/ZDI-19-720 https://www.zerodayinitiative.com/advisories/ZDI-19-721 https://www.zerodayinitiative.com/advisories/ZDI-19-722 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10992 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10992
Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files. Delta Electronics CNCSoft ScreenEditor, versiones 1.00.89 y anteriores. Varias vulnerabilidades de lectura fuera de los límites pueden causar la divulgación de información debido a la falta de validación de entrada del usuario para procesar archivos de proyecto. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. • https://www.us-cert.gov/ics/advisories/icsa-19-192-01 • CWE-125: Out-of-bounds Read •