7 results (0.013 seconds)

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-219-01 • CWE-121: Stack-based Buffer Overflow •

CVSS: 7.8EPSS: 15%CPEs: 1EXPL: 0

Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process. Delta Electronics DIAScreen puede escribir más allá del final de un búfer asignado mientras analiza un archivo de entrada especialmente manipulado. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. • https://diastudio.deltaww.com/home/downloads?sec=download#catalog https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-03 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-033-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-033-01 • CWE-121: Stack-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-033-01 • CWE-787: Out-of-bounds Write •