CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27277 – Delta Industrial Automation DOPSoft XLS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27277
Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics DOPSoft versiones 4.0.8.21 y anteriores, presenta un problema de desreferencia de puntero null al procesar archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05 https://www.zerodayinitiative.com/advisories/ZDI-21-033 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14482
https://notcve.org/view.php?id=CVE-2020-14482
Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. Delta Industrial Automation DOPSoft, Versión 4.00.08.15 y anteriores. La apertura de un archivo de proyecto especialmente diseñado puede desbordar la pila, lo que puede permitir una ejecución de código remota, una divulgación y modificación de información o causar que la aplicación se bloquee • https://www.us-cert.gov/ics/advisories/icsa-20-182-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •