CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25177 – Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25177
A Type Confusion issue exists when rendering malformed .DXF and .DWG files. ... Existe un problema de confusión de tipos al renderizar archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-219 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2020-26990 – Siemens JT2Go ASM File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26990
A crafted ASM file could trigger a type confusion condition. ... Un archivo ASM diseñado puede desencadenar una condición de confusión de tipos. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-055 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26980 – Siemens JT2Go JT File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26980
A crafted JT file could trigger a type confusion condition. ... Un archivo JT diseñado puede desencadenar una condición de confusión de tipos. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-046 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27293 – Delta Industrial Automation CNCSoft-B DOPSoft DPA File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27293
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics CNCSoft-B versiones 1.0.0.2 y anteriores, presenta un problema de confusión de tipos al procesar archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft-B. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-04 https://www.zerodayinitiative.com/advisories/ZDI-21-045 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6656 – File parsing Type Confusion Remote code execution vulerability
https://notcve.org/view.php?id=CVE-2020-6656
Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. ... The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion. El software easySoft de Eaton versiones v7.xx y anteriores a la v7.22 es susceptible a la vulnerabilidad de ejecución remota de código por confusión de tipo de archivo. ... La vulnerabilidad surge debido a la incorrecta validación de los datos del usuario suministrados a través del archivo E70, lo que provoca una confusión de tipos • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03 https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf https://www.zerodayinitiative.com/advisories/ZDI-20-1441 https://www.zerodayinitiative.com/advisories/ZDI-20-1442 https://www.zerodayinitiative.com/advisories/ZDI-20-1444 • CWE-20: Improper Input Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •