CVE-2021-38402 – Delta Electronics DOPSoft 2 Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-38402
Delta Electronics DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02 • CWE-121: Stack-based Buffer Overflow
CVE-2021-38404 – Delta Electronics DOPSoft 2 Heap-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-38404
Delta Electronics DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02 • CWE-122: Heap-based Buffer Overflow
CVE-2021-27412
https://notcve.org/view.php?id=CVE-2021-27412
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. • https://us-cert.cisa.gov/ics/advisories/icsa-21-182-03 • CWE-125: Out-of-bounds Read
CVE-2021-27455
https://notcve.org/view.php?id=CVE-2021-27455
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. • https://us-cert.cisa.gov/ics/advisories/icsa-21-182-03 • CWE-125: Out-of-bounds Read
CVE-2020-27275 – Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27275
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of a data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05 https://www.zerodayinitiative.com/advisories/ZDI-21-028 https://www.zerodayinitiative.com/advisories/ZDI-21-029 https://www.zerodayinitiative.com/advisories/ZDI-21-032 https://www.zerodayinitiative.com/advisories/ZDI-21-034 https://www.zerodayinitiative.com/advisories/ZDI-21-035 https://www.zerodayinitiative.com/advisories/ZDI-21-036 https://www.zerodayinitiative.com/advisories/ZDI-21-037 https://www.zerodayinitiative.com/advisories/ZDI-21& • CWE-787: Out-of-bounds Write