CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10951 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wLanguageNameLen Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10951
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor versión 1.00.88 y anteriores. Se pueden aprovechar múltiples vulnerabilidades de desbordamiento de búfer en la región heap de la memoria, mediante el procesamiento de archivos de proyecto especialmente creados, lo que permite a un atacante ejecutar código arbitrario de forma remota. • http://www.securityfocus.com/bid/107989 https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01 https://www.zerodayinitiative.com/advisories/ZDI-19-405 https://www.zerodayinitiative.com/advisories/ZDI-19-408 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6547 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-6547
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files. Delta Industrial Automation CNCSoft y CNCSoft ScreenEditor, en sus versiones 1.00.84 y anteriores. Una vulnerabilidad de lectura fuera de límites podría provocar el cierre inesperado del software debido a una falta de validación de entradas proporcionadas por el usuario para procesar archivos de proyecto. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. • http://www.securityfocus.com/bid/107086 https://ics-cert.us-cert.gov/advisories/ICSA-19-050-02 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17929 – Delta Industrial Automation TPEditor MRC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17929
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code. En TPEditor, de Delta Industrial Automation TPEditor, en versiones 1.90 y anteriores, podrían explotarse vulnerabilidades de desbordamiento de búfer basado en pila procesando archivos de proyecto especialmente manipulados que carecen de validación de entradas por parte del usuario antes de copiar los datos de los archivos de proyecto en la pila, lo que podría permitir que un atacante ejecute código arbitrario de forma remota. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MRC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • http://www.securityfocus.com/bid/105682 https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17927 – Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17927
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution. En TPEditor, de Delta Industrial Automation TPEditor, en versiones 1.90 y anteriores, podrían explotarse múltiples vulnerabilidades de escritura fuera de límites procesando archivos de proyecto especialmente manipulados que carecen de validación de entradas por parte del usuario, lo que podría provocar que el sistema escriba fuera del área del búfer planeado y podría permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TPE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • http://www.securityfocus.com/bid/105682 https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14800 – Delta Industrial Automation ISPSoft DVP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14800
Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. Delta Electronics ISPSoft en versiones 3.0.5 y anteriores permite que un atacante, al abrir un archivo manipulado, provoque que la aplicación lea más allá de los límites asignados a un objeto de la pila, lo que podría permitir la ejecución de código bajo el contexto de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fields in DVP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • http://www.securityfocus.com/bid/105485 https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01 • CWE-121: Stack-based Buffer Overflow CWE-125: Out-of-bounds Read •