CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14824 – Delta Industrial Automation PMSoft rtl60 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-14824
Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. Delta Industrial Automation PMSoft v2.11 o anteriores, de Delta Electronics, tiene una vulnerabilidad de lectura fuera de límites que puede ejecutarse al procesar archivos de proyecto. Esto podría permitir que un atacante lea información confidencial. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation PMSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PPM files. • http://www.deltaww.com/services/DownloadCenter2.aspx?secID=8&pid=2&tid=0&CID=06&itemID=060301&typeID=1&downloadID=%2C&title=--%20Select%20Product%20Series%20--&dataType=8%3B&check=1&hl=en-US http://www.securityfocus.com/bid/105409 https://ics-cert.us-cert.gov/advisories/ICSA-18-270-04 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2018-10636 – Delta Industrial Automation CNCSoft ScreenEditor DPB File wKPFString Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10636
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft en versiones 1.00.83 y anteriores con ScreenEditor 1.00.54 tiene múltiples vulnerabilidades de desbordamiento de búfer basado en pila que podría provocar el cierre inesperado del software debido a la falta de validación de entradas de usuario antes de copiar los datos del los archivos de proyecto a la pila. Esto puede permitir a un atacante ejecutar código remotamente con privilegios de administrador si se explota. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. • http://www.securityfocus.com/bid/105032 https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10598 – Delta Industrial Automation CNCSoft ScreenEditor DPB Macro Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-10598
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft en versiones 1.00.83 y anteriores con ScreenEditor 1.00.54 tiene dos vulnerabilidades de lectura fuera de límites que pueden causar que el software se cierre de manera inesperada debido a la falta de validación de entrada de datos del usuario para procesar los archivos de proyecto. Esto puede permitir a un atacante ejecutar código remotamente con privilegios de administrador si se explota. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. • http://www.securityfocus.com/bid/105032 https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 60%CPEs: 8EXPL: 2CVE-2018-10594 – Delta Industrial Automation COMMGR AHSIM_5x0 Simulator Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10594
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server. Delta Industrial Automation COMMGR de Delta Electronics en versiones 1.08 y anteriores con sus simuladores PLC (DVPSimulator EH2, EH3, ES2, SE, SS2 y AHSIM_5x0, AHSIM_5x1) utiliza un búfer de pila de longitud fija en el que se puede leer un valor de longitud no verificado desde los paquetes de red mediante un puerto de red específico, provocando la sobrescritura del búfer. Esto puede permitir la ejecución remota de código, provocando el cierre inesperado de la aplicación o resultando en una condición de denegación de servicio (DoS) en el servidor de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. • https://www.exploit-db.com/exploits/44965 https://www.exploit-db.com/exploits/45574 http://www.securityfocus.com/bid/104529 https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-10623 – Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10623
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash. Delta Industrial Automation DOPSoft, de Delta Electronics, en versiones 4.00.04 y anteriores, realiza operaciones de lectura en un búfer de memoria en el que la posición puede ser determinada por una lectura de valor desde un archivo .dpa. Esto podría provocar la restricción incorrecta de operaciones en los límites del búfer de memoria, permitir la ejecución remota de código, alterar el flujo de control planeado, permitir la lectura de información sensible o hacer que la aplicación se cierre inesperadamente. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. • http://www.securityfocus.com/bid/104375 https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01 • CWE-125: Out-of-bounds Read •