CVE-2023-4685 – CVE-2023-4685
https://notcve.org/view.php?id=CVE-2023-4685
Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. CNCSoft-B versión 1.0.0.4 de Delta Electronics y DOPSoft versiones 4.0.0.82 y anteriores son vulnerables al desbordamiento del búfer de memoria, lo que podría permitir a un atacante ejecutar código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-24014 – Delta Electronics CNCSoft-B DOPSoft Heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2023-24014
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files by the DOPSoft component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-25177 – Delta Electronics CNCSoft-B DOPSoft Stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2023-25177
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files by the DOPSoft component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01 • CWE-121: Stack-based Buffer Overflow •
CVE-2022-4634 – CVE-2022-4634
https://notcve.org/view.php?id=CVE-2022-4634
All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-1405 – Delta Electronics CNCSoft Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-1405
CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. CNCSoft: Todas las versiones anteriores a 1.01.32 no sanean correctamente la entrada mientras es procesado un archivo de proyecto específico, lo que permite una posible condición de desbordamiento de búfer en la región stack de la memoria • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-01 • CWE-121: Stack-based Buffer Overflow •