CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27455
https://notcve.org/view.php?id=CVE-2021-27455
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. Delta Electronics DOPSoft versiones 4.0.10.17 y anteriores son vulnerables a una lectura fuera de límites al procesar archivos de proyectos, lo que podría permitir a un atacante revelar información • https://us-cert.cisa.gov/ics/advisories/icsa-21-182-03 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27275 – Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27275
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics DOPSoft versiones 4.0.8.21 y anteriores, es vulnerable a una escritura fuera de límites mientras procesa archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of a data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05 https://www.zerodayinitiative.com/advisories/ZDI-21-028 https://www.zerodayinitiative.com/advisories/ZDI-21-029 https://www.zerodayinitiative.com/advisories/ZDI-21-032 https://www.zerodayinitiative.com/advisories/ZDI-21-034 https://www.zerodayinitiative.com/advisories/ZDI-21-035 https://www.zerodayinitiative.com/advisories/ZDI-21-036 https://www.zerodayinitiative.com/advisories/ZDI-21-037 https://www.zerodayinitiative.com/advisories/ZDI-21& • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27277 – Delta Industrial Automation DOPSoft XLS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27277
Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics DOPSoft versiones 4.0.8.21 y anteriores, presenta un problema de desreferencia de puntero null al procesar archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05 https://www.zerodayinitiative.com/advisories/ZDI-21-033 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14482
https://notcve.org/view.php?id=CVE-2020-14482
Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. Delta Industrial Automation DOPSoft, Versión 4.00.08.15 y anteriores. La apertura de un archivo de proyecto especialmente diseñado puede desbordar la pila, lo que puede permitir una ejecución de código remota, una divulgación y modificación de información o causar que la aplicación se bloquee • https://www.us-cert.gov/ics/advisories/icsa-20-182-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10597
https://notcve.org/view.php?id=CVE-2020-10597
Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information and/or crash the application. Delta Industrial Automation DOPSoft versiones 4.00.08.15 y anteriores. Múltiples vulnerabilidades de lectura fuera de límites pueden ser explotadas procesando archivos de proyecto especialmente elaborados, que pueden permitir a un atacante leer información y/o bloquear la aplicación. • https://www.us-cert.gov/ics/advisories/icsa-20-182-01 • CWE-125: Out-of-bounds Read •