CVE-2024-28029 – Client-Side Enforcement of Server-Side Security in Delta Electronics DIAEnergie
https://notcve.org/view.php?id=CVE-2024-28029
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. Los privilegios no se verifican completamente en el lado del servidor, lo que puede ser abusado por un usuario con privilegios limitados para eludir la autorización y acceder a funciones privilegiadas. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12 • CWE-285: Improper Authorization CWE-602: Client-Side Enforcement of Server-Side Security •
CVE-2023-43824 – Delta Electronics Delta Industrial Automation DOPSoft DPS File wTitleTextLen Buffer Overflow Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-43824
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. Existe un desbordamiento de búfer en la región stack de la memoria en Delta Electronics Delta Industrial Automation DOPSoft al analizar el campo wTitleTextLen de un archivo DPS. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecución remota de código. • https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wtitletextlen-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-43823 – Delta Electronics Delta Industrial Automation DOPSoft DPS File wTTitleLen Buffer Overflow Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-43823
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. Existe un desbordamiento de búfer en la región stack de la memoria en Delta Electronics Delta Industrial Automation DOPSoft al analizar el campo wTTitleLen de un archivo DPS. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecución remota de código. • https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wttitlelen-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-43822 – Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesTimeLen Buffer Overflow Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-43822
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. Existe un desbordamiento de búfer en la región stack de la memoria en Delta Electronics Delta Industrial Automation DOPSoft al analizar el campo wLogTitlesTimeLen de un archivo DPS. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecución remota de código. • https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlestimelen-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-43821 – Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesActionLen Buffer Overflow Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-43821
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. Existe un desbordamiento de búfer en la región stack de la memoria en Delta Electronics Delta Industrial Automation DOPSoft al analizar el campo wLogTitlesActionLen de un archivo DPS. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecución remota de código. • https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlesactionlen-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •