CVE-2022-4634 – CVE-2022-4634
https://notcve.org/view.php?id=CVE-2022-4634
All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2021-44768 – Delta Electronics CNCSoft Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2021-44768
Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. Delta Electronics CNCSoft (Versión 1.01.30) y anteriores) es vulnerable a una lectura fuera de límites mientras es procesado un archivo de proyecto específico, lo que puede permitir a un atacante divulgar información • https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-02 • CWE-125: Out-of-bounds Read •
CVE-2021-22672 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22672
Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code. CNCSoft ScreenEditor de Delta Electronics en versiones anteriores a v1.01.30, podría permitir la corrupción de datos, una condición de denegación de servicio o la ejecución de código. La vulnerabilidad puede permitir a un atacante ejecutar remotamente código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. • https://us-cert.cisa.gov/ics/advisories/icsa-21-124-02 https://www.zerodayinitiative.com/advisories/ZDI-21-524 • CWE-787: Out-of-bounds Write •
CVE-2021-22668 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22668
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. Delta Industrial Automation CNCSoft ScreenEditor versiones 1.01.28 (con ScreenEditor Versiones 1.01.2) y anteriores, son vulnerables a una lectura fuera de límites durante el procesamiento de archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-110-04 • CWE-125: Out-of-bounds Read •
CVE-2020-27281 – Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27281
A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code. Es posible que se presente un desbordamiento del búfer en la región stack de la memoria en Delta Electronics CNCSoft ScreenEditor versiones 1.01.26 y anteriores al procesar archivos de proyecto especialmente diseñados, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06 https://www.zerodayinitiative.com/advisories/ZDI-21-039 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •