CVE-2024-1941
Delta Electronics CNCSoft-B Stack-based Buffer Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
Delta Electronics CNCSoft-B versiones 1.0.0.4 y anteriores son vulnerables a un desbordamiento de búfer en la región stack de la memoria, lo que puede permitir a un atacante ejecutar código arbitrario.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of DPA files in the DOPSoft executable. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-02-27 CVE Reserved
- 2024-03-01 CVE Published
- 2024-03-10 EPSS Updated
- 2024-08-22 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Delta Electronics Search vendor "Delta Electronics" | CNCSoft-B Search vendor "Delta Electronics" for product "CNCSoft-B" | <= 1.0.0.4 Search vendor "Delta Electronics" for product "CNCSoft-B" and version " <= 1.0.0.4" | en |
Affected
| ||||||