Vulnerabilities related to Delta Industrial Automation - DOPSoft
var-201803-1810
Vulnerability from variot

A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "dopsoft",
        "scope": null,
        "trust": 9.1,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "_id": null,
        "model": "delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "4.00.01"
      },
      {
        "_id": null,
        "model": "industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "4.00.01"
      },
      {
        "_id": null,
        "model": "electronics delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=4.00.01"
      },
      {
        "_id": null,
        "model": "delta industrial automation dopsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "deltaww",
        "version": "4.00.01"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "delta industrial automation dopsoft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-234"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-229"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-228"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-222"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-233"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-227"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-235"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-231"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-230"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-225"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-232"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-221"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-224"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04098"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-561"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5476"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:delta_electronics:delta_industrial_automation_dopsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Ghirmay Desta",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-234"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-229"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-228"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-222"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-233"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-227"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-235"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-231"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-230"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-225"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-232"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-221"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-224"
      }
    ],
    "trust": 9.1
  },
  "cve": "CVE-2018-5476",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-5476",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 10.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2018-04098",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-5476",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-5476",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2018-5476",
            "trust": 9.1,
            "value": "MEDIUM"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-5476",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-5476",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-04098",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-561",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-234"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-229"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-228"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-222"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-233"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-227"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-235"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-231"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-230"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-225"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-232"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-221"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-224"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04098"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-561"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5476"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-234"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-224"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-221"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-232"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-225"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-230"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-231"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-235"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-227"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-233"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-222"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-228"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-229"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04098"
      },
      {
        "db": "IVD",
        "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
      }
    ],
    "trust": 10.53
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-5476",
        "trust": 12.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-060-03",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "103195",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04098",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-561",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5286",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-234",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5275",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-229",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5274",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-228",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5267",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-222",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5285",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-233",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5272",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-227",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5287",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-235",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5283",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-231",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5276",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-230",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5270",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-225",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5284",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-232",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5266",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-221",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5269",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-224",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E2FF6511-39AB-11E9-8816-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-234"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-229"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-228"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-222"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-233"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-227"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-235"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-231"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-230"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-225"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-232"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-221"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-224"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04098"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-561"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5476"
      }
    ]
  },
  "id": "VAR-201803-1810",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04098"
      }
    ],
    "trust": 1.7285714
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04098"
      }
    ]
  },
  "last_update_date": "2024-11-29T22:51:22.051000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
        "trust": 9.1,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-03"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Delta Electronics Delta Industrial Automation patch for DOPSoft heap buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/120063"
      },
      {
        "title": "Delta Electronics Delta Industrial Automation DOPSoft Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79197"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-234"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-229"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-228"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-222"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-233"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-227"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-235"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-231"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-230"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-225"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-232"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-221"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-224"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04098"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-561"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5476"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 12.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-060-03"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/103195"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5476"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5476"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-234"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-229"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-228"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-222"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-233"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-227"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-235"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-231"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-230"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-225"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-232"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-221"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-224"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04098"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-561"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5476"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "e2ff6511-39ab-11e9-8816-000c29342cb1",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-234",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-229",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-228",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-222",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-233",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-227",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-235",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-231",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-230",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-225",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-232",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-221",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-224",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04098",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-561",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5476",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-03-02T00:00:00",
        "db": "IVD",
        "id": "e2ff6511-39ab-11e9-8816-000c29342cb1",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-234",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-229",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-228",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-222",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-233",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-227",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-235",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-231",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-230",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-225",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-232",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-221",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-224",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04098",
        "ident": null
      },
      {
        "date": "2018-05-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003080",
        "ident": null
      },
      {
        "date": "2018-03-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-561",
        "ident": null
      },
      {
        "date": "2018-03-15T23:29:00.470000",
        "db": "NVD",
        "id": "CVE-2018-5476",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-234",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-229",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-228",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-222",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-233",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-227",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-235",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-231",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-230",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-225",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-232",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-221",
        "ident": null
      },
      {
        "date": "2018-03-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-224",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04098",
        "ident": null
      },
      {
        "date": "2018-05-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003080",
        "ident": null
      },
      {
        "date": "2020-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-561",
        "ident": null
      },
      {
        "date": "2024-11-21T04:08:52.697000",
        "db": "NVD",
        "id": "CVE-2018-5476",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-561"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Delta Electronics Delta Industrial Automation DOPSoft Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-561"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "_id": null,
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-561"
      }
    ],
    "trust": 0.8
  }
}

var-201806-0553
Vulnerability from variot

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability 2. A stack-based buffer-overflow vulnerability 3. Failed attacks will cause denial of service conditions. DOPSoft 4.00.04 and prior are vulnerable.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "dopsoft",
        "scope": null,
        "trust": 1.4,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "_id": null,
        "model": "delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "4.00.04"
      },
      {
        "_id": null,
        "model": "industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "4.00.04"
      },
      {
        "_id": null,
        "model": "electronics delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=4.00.04"
      },
      {
        "_id": null,
        "model": "delta industrial automation dopsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "deltaww",
        "version": "4.00.04"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.0.4"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.0.5"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.00.04.09"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.00.04.22"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "delta industrial automation dopsoft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:delta_electronics:delta_industrial_automation_dopsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "b0nd @garage4hackers",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2018-10623",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-10623",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-10623",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 1.4,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-12141",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "e3007680-39ab-11e9-b812-000c29342cb1",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-10623",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2018-10623",
            "trust": 1.4,
            "value": "MEDIUM"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-10623",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-10623",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-12141",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-809",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability\n2. A stack-based buffer-overflow vulnerability\n3. Failed attacks will cause denial of  service conditions. \nDOPSoft 4.00.04 and prior are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      }
    ],
    "trust": 3.87
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-10623",
        "trust": 4.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-151-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "104375",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5975",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5973",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E3007680-39AB-11E9-B812-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      }
    ]
  },
  "id": "VAR-201806-0553",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      }
    ],
    "trust": 1.7285714
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:41:49.953000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Delta Industrial Automation DOPSoft cross-border read vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/132877"
      },
      {
        "title": "Delta Industrial Automation DOPSoft Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81327"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 4.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/104375"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10623"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10623"
      },
      {
        "trust": 0.3,
        "url": "http://www.deltaww.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-537",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12141",
        "ident": null
      },
      {
        "db": "BID",
        "id": "104375",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006534",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10623",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-27T00:00:00",
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1",
        "ident": null
      },
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-537",
        "ident": null
      },
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-535",
        "ident": null
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12141",
        "ident": null
      },
      {
        "date": "2018-05-31T00:00:00",
        "db": "BID",
        "id": "104375",
        "ident": null
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006534",
        "ident": null
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-809",
        "ident": null
      },
      {
        "date": "2018-06-18T19:29:00.293000",
        "db": "NVD",
        "id": "CVE-2018-10623",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-537",
        "ident": null
      },
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-535",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12141",
        "ident": null
      },
      {
        "date": "2018-05-31T00:00:00",
        "db": "BID",
        "id": "104375",
        "ident": null
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006534",
        "ident": null
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-809",
        "ident": null
      },
      {
        "date": "2024-11-21T03:41:41.207000",
        "db": "NVD",
        "id": "CVE-2018-10623",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-537"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-535"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "_id": null,
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e3007680-39ab-11e9-b812-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-809"
      }
    ],
    "trust": 0.8
  }
}

var-201908-0865
Vulnerability from variot

In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. Delta Industrial Automation DOPSoft contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Industrial Automation DOPSoft is a set of human-machine interface (HMI) software from Taiwan's Delta Electronics company. The vulnerability arises when the network system or product performs operations on memory without correctly verifying data boundaries, so that read and write operations are incorrectly performed on other associated memory locations. An attacker can use this vulnerability to cause a buffer overflow or heap overflow.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "dopsoft",
        "scope": null,
        "trust": 3.5,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "_id": null,
        "model": "delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "4.00.06.15"
      },
      {
        "_id": null,
        "model": "industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "4.00.06.15"
      },
      {
        "_id": null,
        "model": "electronics delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=4.00.06.15"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-722"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-720"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-718"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-719"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-721"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008435"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13513"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:delta_electronics:delta_industrial_automation_dopsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008435"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "kimiya of 9SG Security Team - kimiya@9sgsec.com",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-722"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-720"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-718"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-719"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-721"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-939"
      }
    ],
    "trust": 4.1
  },
  "cve": "CVE-2019-13513",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-13513",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-17022",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-13513",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 3.5,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-13513",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-13513",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2019-13513",
            "trust": 3.5,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-13513",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-13513",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-17022",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-939",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-722"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-720"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-718"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-719"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-721"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-939"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13513"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. Delta Industrial Automation DOPSoft Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Industrial Automation DOPSoft is a set of human-machine interface (HMI) software from Taiwan\u0027s Delta Electronics (Delta Electronics) company. The vulnerability originated when the network system or product performed operations on the memory, and the data boundary was not correctly verified, resulting in an incorrect execution of the associated other memory location. For read and write operations, an attacker can use this vulnerability to cause a buffer overflow or heap overflow",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-13513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008435"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-722"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-720"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-718"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-719"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-721"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17022"
      }
    ],
    "trust": 5.31
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-13513",
        "trust": 6.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-225-01",
        "trust": 3.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-722",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-720",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-718",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-719",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-721",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008435",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-8282",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-8253",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-8251",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-8252",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-8254",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17022",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3104",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-939",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-722"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-720"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-718"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-719"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-721"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-939"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13513"
      }
    ]
  },
  "id": "VAR-201908-0865",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17022"
      }
    ],
    "trust": 1.5285714000000001
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17022"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:59:47.164000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
        "trust": 3.5,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-225-01"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Patch for Delta Industrial Automation DOPSoft buffer overflow vulnerability (CNVD-2020-17022)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/208771"
      },
      {
        "title": "Delta Industrial Automation DOPSoft Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96622"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-722"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-720"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-718"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-719"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-721"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-939"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008435"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13513"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 7.1,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-225-01"
      },
      {
        "trust": 2.2,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-722/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-719/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-718/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-720/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-721/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13513"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13513"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3104/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-722"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-720"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-718"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-719"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-721"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-939"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13513"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-19-722",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-720",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-718",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-719",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-721",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17022",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008435",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-939",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13513",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-722",
        "ident": null
      },
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-720",
        "ident": null
      },
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-718",
        "ident": null
      },
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-719",
        "ident": null
      },
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-721",
        "ident": null
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17022",
        "ident": null
      },
      {
        "date": "2019-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008435",
        "ident": null
      },
      {
        "date": "2019-08-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-939",
        "ident": null
      },
      {
        "date": "2019-08-15T19:15:11.090000",
        "db": "NVD",
        "id": "CVE-2019-13513",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-722",
        "ident": null
      },
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-720",
        "ident": null
      },
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-718",
        "ident": null
      },
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-719",
        "ident": null
      },
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-721",
        "ident": null
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17022",
        "ident": null
      },
      {
        "date": "2019-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008435",
        "ident": null
      },
      {
        "date": "2019-09-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-939",
        "ident": null
      },
      {
        "date": "2024-11-21T04:25:02.860000",
        "db": "NVD",
        "id": "CVE-2019-13513",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-939"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-722"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-720"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-718"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-719"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-721"
      }
    ],
    "trust": 3.5
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-939"
      }
    ],
    "trust": 0.6
  }
}

var-202108-0771
Vulnerability from variot

A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TBK files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics.

A stack buffer overflow vulnerability exists in DOPSoft 4.00.11 and earlier versions. Pillow is a Python-based image processing library. (Pillow is unrelated to DOPSoft; this sentence appears to be an artifact of merging source records.) There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202108-0771",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "4.00.11"
      },
      {
        "model": "dopsoft",
        "scope": null,
        "trust": 0.7,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "model": "dopsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=4.00.11"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-1059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-93912"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33019"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-1059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2379"
      }
    ],
    "trust": 1.3
  },
  "cve": "CVE-2021-33019",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-33019",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2021-93912",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-33019",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-33019",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-33019",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-33019",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-93912",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-2379",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-33019",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-1059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-93912"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2379"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33019"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TBK files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics. \n\r\n\r\nA stack buffer overflow vulnerability exists in DOPSoft 4.00.11 and earlier versions. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-33019"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-93912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33019"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-33019",
        "trust": 3.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1059",
        "trust": 2.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-238-04",
        "trust": 2.3
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12877",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-93912",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2913",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021082704",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2379",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33019",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-1059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-93912"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2379"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33019"
      }
    ]
  },
  "id": "VAR-202108-0771",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-93912"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-93912"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:05:55.521000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-238-04"
      },
      {
        "title": "CVE-2021-33019",
        "trust": 0.1,
        "url": "https://github.com/AlAIAL90/CVE-2021-33019 "
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-1059"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33019"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-33019"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-238-04"
      },
      {
        "trust": 2.4,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-1059/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021082704"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2913"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/121.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alaial90/cve-2021-33019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-1059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-93912"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2379"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33019"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-1059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-93912"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-33019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2379"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-33019"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1059"
      },
      {
        "date": "2021-12-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-93912"
      },
      {
        "date": "2021-08-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-33019"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-2379"
      },
      {
        "date": "2021-08-30T18:15:09.533000",
        "db": "NVD",
        "id": "CVE-2021-33019"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-08T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1059"
      },
      {
        "date": "2022-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-93912"
      },
      {
        "date": "2021-09-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-33019"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-2379"
      },
      {
        "date": "2021-09-16T12:37:40.923000",
        "db": "NVD",
        "id": "CVE-2021-33019"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2379"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Industrial Automation DOPSoft TBK File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-1059"
      }
    ],
    "trust": 0.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202101-0358
Vulnerability from variot

Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics provides the HMI-related products DOPSoft and CNCSoft ScreenEditor, in which the following multiple vulnerabilities exist. DOPSoft: out-of-bounds write (CWE-787) - CVE-2020-27275; untrusted pointer dereference (CWE-822) - CVE-2020-27277. CNCSoft ScreenEditor: buffer overflow (CWE-121) - CVE-2020-27281. Any of these vulnerabilities could allow arbitrary code to be executed by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "4.0.8.21"
      },
      {
        "_id": null,
        "model": "cncsoft screeneditor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "delta",
        "version": "version 1.01.26"
      },
      {
        "_id": null,
        "model": "dopsoft",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "delta",
        "version": "version 4.0.8.21"
      },
      {
        "_id": null,
        "model": "dopsoft",
        "scope": null,
        "trust": 0.7,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "_id": null,
        "model": "electronics dopsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=4.0.8.21"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-033"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27277"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:deltaww:cncsoft_screeneditor",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:deltaww:dopsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "kimiya",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-033"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-27277",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-27277",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2021-04429",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001001",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 2.4,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-27277",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-27277",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2021-001001",
            "trust": 2.4,
            "value": "High"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-27277",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-27277",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-04429",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-254",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-27277",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-033"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27277"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-254"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27277"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics provides the HMI-related products DOPSoft and CNCSoft ScreenEditor, in which the following multiple vulnerabilities exist. DOPSoft \u2025 * Out-of-bounds writing (CWE-787) - CVE-2020-27275 \u2025 * Untrusted pointer reference (CWE-822) - CVE-2020-27277 CNCSoft ScreenEditor \u2025 * Buffer overflow (CWE-121) - CVE-2020-27281. Both vulnerabilities could allow arbitrary code to be executed by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files.  The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer.  An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-27277"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-033"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27277"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-27277",
        "trust": 3.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-005-05",
        "trust": 3.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-033",
        "trust": 2.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-005-06",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91044574",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11663",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04429",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0045",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-254",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27277",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-033"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27277"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-254"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27277"
      }
    ]
  },
  "id": "VAR-202101-0358",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-04429"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-04429"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:51:06.243000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "CNCSoft - Delta | Download Center",
        "trust": 0.8,
        "url": "https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026CID=06\u0026itemID=060202\u0026dataType=8"
      },
      {
        "title": "DOPSoft - Delta | Download Center",
        "trust": 0.8,
        "url": "https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026CID=06\u0026itemID=060302\u0026dataType=8\u0026q=DOPSoft"
      },
      {
        "title": "",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05"
      },
      {
        "title": "Patch for DOPSoft Null Pointer Dereference Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/244813"
      },
      {
        "title": "Delta Electronics Industrial Automation DOPSoft Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139261"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-033"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-254"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-822",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-121",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-787",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27277"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 4.4,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05"
      },
      {
        "trust": 1.8,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-033/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27275"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27277"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27281"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu91044574"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0045/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27277"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-033"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27277"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-254"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27277"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-033",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04429",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27277",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-254",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27277",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-033",
        "ident": null
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-04429",
        "ident": null
      },
      {
        "date": "2021-01-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-27277",
        "ident": null
      },
      {
        "date": "2021-01-07T07:38:37",
        "db": "JVNDB",
        "id": "JVNDB-2021-001001",
        "ident": null
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-254",
        "ident": null
      },
      {
        "date": "2021-01-11T16:15:15.243000",
        "db": "NVD",
        "id": "CVE-2020-27277",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-033",
        "ident": null
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-04429",
        "ident": null
      },
      {
        "date": "2021-03-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-27277",
        "ident": null
      },
      {
        "date": "2021-01-07T07:38:37",
        "db": "JVNDB",
        "id": "JVNDB-2021-001001",
        "ident": null
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-254",
        "ident": null
      },
      {
        "date": "2024-11-21T05:20:59.040000",
        "db": "NVD",
        "id": "CVE-2020-27277",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-254"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Multiple vulnerabilities in HMI software made by Delta Electronics",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-254"
      }
    ],
    "trust": 0.6
  }
}

var-201908-0866
Vulnerability from variot

In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. Delta Industrial Automation DOPSoft contains a use-after-free vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Industrial Automation DOPSoft is human-machine interface (HMI) software from Taiwan's Delta Electronics



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0866",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "4.00.06.15"
      },
      {
        "model": "industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "4.00.06.15"
      },
      {
        "model": "dopsoft",
        "scope": null,
        "trust": 0.7,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "model": "electronics delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=4.00.06.15"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-717"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13514"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:delta_electronics:delta_industrial_automation_dopsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "kimiya of 9SG Security Team - kimiya@9sgsec.com",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-717"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-13514",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-13514",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-17023",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-13514",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-13514",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-13514",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-13514",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-13514",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2019-13514",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-17023",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-1052",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-13514",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-717"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1052"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13514"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. Delta Industrial Automation DOPSoft contains a use-after-free vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Industrial Automation DOPSoft is human-machine interface (HMI) software from Taiwan\u0027s Delta Electronics",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-13514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-717"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13514"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-13514",
        "trust": 3.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-225-01",
        "trust": 3.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-717",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008309",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-8250",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3104",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1052",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13514",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-717"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1052"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13514"
      }
    ]
  },
  "id": "VAR-201908-0866",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      }
    ],
    "trust": 1.5285714000000001
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:59:47.126000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-225-01"
      },
      {
        "title": "Patch for Delta Electronics Industrial Automation DOPSoft Resource Management Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/208773"
      },
      {
        "title": "Delta Industrial Automation DOPSoft Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96729"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-717"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1052"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13514"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.8,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-225-01"
      },
      {
        "trust": 1.7,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-717/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13514"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13514"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3104/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/416.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165328"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-717"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1052"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13514"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-19-717"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1052"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13514"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-717"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      },
      {
        "date": "2019-08-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13514"
      },
      {
        "date": "2019-08-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      },
      {
        "date": "2019-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1052"
      },
      {
        "date": "2019-08-15T19:15:11.153000",
        "db": "NVD",
        "id": "CVE-2019-13514"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-16T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-717"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13514"
      },
      {
        "date": "2019-08-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008309"
      },
      {
        "date": "2019-09-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1052"
      },
      {
        "date": "2024-11-21T04:25:03.007000",
        "db": "NVD",
        "id": "CVE-2019-13514"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1052"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Electronics Industrial Automation DOPSoft Resource Management Error Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17023"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1052"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1052"
      }
    ],
    "trust": 0.6
  }
}

var-202101-0356
Vulnerability from variot

Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. The HMI-related products DOPSoft and CNCSoft ScreenEditor, provided by Delta Electronics, contain multiple vulnerabilities. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "dopsoft",
        "scope": null,
        "trust": 5.6,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "_id": null,
        "model": "dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "4.0.8.21"
      },
      {
        "_id": null,
        "model": "cncsoft screeneditor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "delta",
        "version": "version 1.01.26"
      },
      {
        "_id": null,
        "model": "dopsoft",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "delta",
        "version": "version 4.0.8.21"
      },
      {
        "_id": null,
        "model": "electronics dopsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=4.0.8.21"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-038"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-037"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-036"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-035"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-034"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-032"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-029"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-028"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27275"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:deltaww:cncsoft_screeneditor",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:deltaww:dopsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "kimiya",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-038"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-037"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-036"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-035"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-034"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-032"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-029"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-028"
      }
    ],
    "trust": 5.6
  },
  "cve": "CVE-2020-27275",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-27275",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2021-04430",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-27275",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 5.6,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001001",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 2.4,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-27275",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2020-27275",
            "trust": 5.6,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001001",
            "trust": 2.4,
            "value": "High"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-27275",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-04430",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-255",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-038"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-037"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-036"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-035"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-034"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-032"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-029"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-028"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-255"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27275"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. The HMI-related products DOPSoft and CNCSoft ScreenEditor, provided by Delta Electronics, contain multiple vulnerabilities. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-27275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-038"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-037"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-036"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-035"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-034"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-032"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-029"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-028"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04430"
      }
    ],
    "trust": 7.2
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-27275",
        "trust": 8.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-005-05",
        "trust": 3.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-038",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-037",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-036",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-035",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-034",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-032",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-029",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-028",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-005-06",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91044574",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11662",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11660",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11666",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11658",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11664",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11661",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11645",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11644",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04430",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0045",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-255",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-038"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-037"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-036"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-035"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-034"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-032"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-029"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-028"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-255"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27275"
      }
    ]
  },
  "id": "VAR-202101-0356",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-04430"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-04430"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:51:06.283000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "",
        "trust": 5.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05"
      },
      {
        "title": "CNCSoft - Delta | Download Center",
        "trust": 0.8,
        "url": "https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026CID=06\u0026itemID=060202\u0026dataType=8"
      },
      {
        "title": "DOPSoft - Delta | Download Center",
        "trust": 0.8,
        "url": "https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026CID=06\u0026itemID=060302\u0026dataType=8\u0026q=DOPSoft"
      },
      {
        "title": "Patch for DOPSoft out-of-bounds write vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/244816"
      },
      {
        "title": "Delta Electronics Industrial Automation DOPSoft Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138909"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-038"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-037"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-036"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-035"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-034"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-032"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-029"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-028"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-255"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-121",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-822",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27275"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 9.2,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-028/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-038/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-029/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-035/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-034/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-037/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-036/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-032/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27275"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27277"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27281"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu91044574"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0045/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27275"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-038"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-037"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-036"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-035"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-034"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-032"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-029"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-028"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-255"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27275"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-038",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-037",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-036",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-035",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-034",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-032",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-029",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-028",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-04430",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001001",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-255",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27275",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-038",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-037",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-036",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-035",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-034",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-032",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-029",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-028",
        "ident": null
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-04430",
        "ident": null
      },
      {
        "date": "2021-01-07T07:38:37",
        "db": "JVNDB",
        "id": "JVNDB-2021-001001",
        "ident": null
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-255",
        "ident": null
      },
      {
        "date": "2021-01-11T16:15:15.147000",
        "db": "NVD",
        "id": "CVE-2020-27275",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-038",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-037",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-036",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-035",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-034",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-032",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-029",
        "ident": null
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-028",
        "ident": null
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-04430",
        "ident": null
      },
      {
        "date": "2021-01-07T07:38:37",
        "db": "JVNDB",
        "id": "JVNDB-2021-001001",
        "ident": null
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-255",
        "ident": null
      },
      {
        "date": "2024-11-21T05:20:58.840000",
        "db": "NVD",
        "id": "CVE-2020-27275",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-255"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-038"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-037"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-036"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-035"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-034"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-032"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-029"
      }
    ],
    "trust": 4.9
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-255"
      }
    ],
    "trust": 0.6
  }
}

var-202109-1255
Vulnerability from variot

Delta Electronics DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. DOPSoft 2, provided by Delta Electronics, contains the following multiple vulnerabilities: stack-based buffer overflow (CWE-121) - CVE-2021-38402; out-of-bounds write (CWE-787) - CVE-2021-38406; heap-based buffer overflow (CWE-122) - CVE-2021-38404. When loading a specially crafted project file, malicious code is executed with the privileges of the process in which the product runs. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. Delta Electronics DOPSoft is a set of Human-Machine Interface (HMI) software of Taiwan Delta Electronics (Delta Electronics). Pillow is a Python-based image processing library [this sentence does not describe DOPSoft and appears to have been merged in from an unrelated source record]. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1255",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "2.00.07"
      },
      {
        "model": "dopsoft",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "2.00"
      },
      {
        "model": "dopsoft 2",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "2.00.07  and earlier"
      },
      {
        "model": "dopsoft 2",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "delta",
        "version": null
      },
      {
        "model": "dopsoft",
        "scope": null,
        "trust": 0.7,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "model": "electronics dopsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "delta",
        "version": "2\u003c=2.00.07"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-960"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-70155"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38406"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "kimiya",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-960"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-38406",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-38406",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2021-70155",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-38406",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-002380",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-38406",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-38406",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2021-38406",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2021-002380",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-38406",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-70155",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-541",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-38406",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-960"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-70155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-541"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38406"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38406"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. DOPSoft 2, provided by Delta Electronics, contains the following multiple vulnerabilities. * Stack-based buffer overflow ( CWE-121 ) - CVE-2021-38402 \u2025 * Out-of-bounds writing ( CWE-787 ) - CVE-2021-38406 \u2025 * Heap-based buffer overflow ( CWE-122 ) - CVE-2021-38404 When loading a specially crafted project file, malicious code is executed with the privileges of the process in which the product runs. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. Delta Electronics DOPSoft is a set of Human-Machine Interface (HMI) software of Taiwan Delta Electronics (Delta Electronics). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-38406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-960"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-70155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38406"
      }
    ],
    "trust": 3.42
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-38406",
        "trust": 3.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-252-02",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVNVU95804712",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002380",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-13127",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-960",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-70155",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021091004",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3042",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-541",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38406",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-960"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-70155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-541"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38406"
      }
    ]
  },
  "id": "VAR-202109-1255",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-70155"
      }
    ],
    "trust": 1.5642857000000001
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-70155"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:24:55.079000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Contact\u00a0Us",
        "trust": 0.8,
        "url": "https://www.deltaww.com/en/customerService"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Stack-based buffer overflow (CWE-121) [ Other ]",
        "trust": 0.8
      },
      {
        "problemtype": " Heap-based buffer overflow (CWE-122) [ Other ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds writing (CWE-787) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38406"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95804712/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38406"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3042"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021091004"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-70155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-541"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38406"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-960"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-70155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-38406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-541"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38406"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-960"
      },
      {
        "date": "2021-09-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-70155"
      },
      {
        "date": "2021-09-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-38406"
      },
      {
        "date": "2021-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-541"
      },
      {
        "date": "2021-09-17T19:15:08.710000",
        "db": "NVD",
        "id": "CVE-2021-38406"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-960"
      },
      {
        "date": "2022-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-70155"
      },
      {
        "date": "2021-10-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-38406"
      },
      {
        "date": "2021-09-13T06:46:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-541"
      },
      {
        "date": "2021-10-04T18:13:12.250000",
        "db": "NVD",
        "id": "CVE-2021-38406"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-541"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in DOPSoft 2 made by Delta Electronics",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002380"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201806-0552
Vulnerability from variot

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability 2. A stack-based buffer-overflow vulnerability 3. Failed attacks will cause denial of service conditions. DOPSoft 4.00.04 and prior are vulnerable



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "4.00.04"
      },
      {
        "_id": null,
        "model": "industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "4.00.04"
      },
      {
        "_id": null,
        "model": "dopsoft",
        "scope": null,
        "trust": 0.7,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "_id": null,
        "model": "electronics delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=4.00.04"
      },
      {
        "_id": null,
        "model": "delta industrial automation dopsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "deltaww",
        "version": "4.00.04"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.0.4"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.0.5"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.00.04.09"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.00.04.22"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "delta industrial automation dopsoft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-538"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-811"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10621"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:delta_electronics:delta_industrial_automation_dopsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006532"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "B0nd @garagehackers",
    "sources": [
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-811"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-10621",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-10621",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-10621",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-12139",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-10621",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-10621",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-10621",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2018-10621",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-12139",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-811",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-538"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-811"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10621"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability\n2. A stack-based buffer-overflow vulnerability\n3. Failed attacks will cause denial of service conditions. \nDOPSoft 4.00.04 and prior are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-10621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006532"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-538"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "IVD",
        "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-10621",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-151-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "104375",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-811",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006532",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6057",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-538",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E2FF8C21-39AB-11E9-A399-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-538"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-811"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10621"
      }
    ]
  },
  "id": "VAR-201806-0552",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139"
      }
    ],
    "trust": 1.7285714
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:41:49.910000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"
      },
      {
        "title": "Delta Industrial Automation DOPSoft Buffer Overflow Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/132873"
      },
      {
        "title": "Delta Industrial Automation DOPSoft Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81329"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-538"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-811"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006532"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10621"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 4.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/104375"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10621"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10621"
      },
      {
        "trust": 0.3,
        "url": "http://www.deltaww.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-538"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-811"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10621"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-538",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139",
        "ident": null
      },
      {
        "db": "BID",
        "id": "104375",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006532",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-811",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10621",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-27T00:00:00",
        "db": "IVD",
        "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1",
        "ident": null
      },
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-538",
        "ident": null
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12139",
        "ident": null
      },
      {
        "date": "2018-05-31T00:00:00",
        "db": "BID",
        "id": "104375",
        "ident": null
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006532",
        "ident": null
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-811",
        "ident": null
      },
      {
        "date": "2018-06-18T19:29:00.247000",
        "db": "NVD",
        "id": "CVE-2018-10621",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-538",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12139",
        "ident": null
      },
      {
        "date": "2018-05-31T00:00:00",
        "db": "BID",
        "id": "104375",
        "ident": null
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006532",
        "ident": null
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-811",
        "ident": null
      },
      {
        "date": "2024-11-21T03:41:40.947000",
        "db": "NVD",
        "id": "CVE-2018-10621",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-811"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Delta Industrial Automation DOPSoft Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12139"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-811"
      }
    ],
    "trust": 0.8
  }
}

var-201806-0576
Vulnerability from variot

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability 2. A stack-based buffer-overflow vulnerability 3. Failed attacks will cause denial of service conditions. DOPSoft 4.00.04 and prior are vulnerable



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "deltaww",
        "version": "4.00.04"
      },
      {
        "_id": null,
        "model": "industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "delta",
        "version": "4.00.04"
      },
      {
        "_id": null,
        "model": "dopsoft",
        "scope": null,
        "trust": 0.7,
        "vendor": "delta industrial automation",
        "version": null
      },
      {
        "_id": null,
        "model": "electronics delta industrial automation dopsoft",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "delta",
        "version": "\u003c=4.00.04"
      },
      {
        "_id": null,
        "model": "delta industrial automation dopsoft",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "deltaww",
        "version": "4.00.04"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.0.4"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.0.5"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "delta",
        "version": "2.00.04.09"
      },
      {
        "_id": null,
        "model": "electronics inc dopsoft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "delta",
        "version": "4.00.04.22"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "delta industrial automation dopsoft",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-536"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12140"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10617"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:delta_electronics:delta_industrial_automation_dopsoft",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "B0nd @garagehackers",
    "sources": [
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-810"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-10617",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-10617",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-10617",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-12140",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-10617",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-10617",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-10617",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2018-10617",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-12140",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-810",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-536"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12140"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10617"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer.  An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability\n2. A stack-based buffer-overflow vulnerability\n3. Failed attacks will cause denial of  service conditions. \nDOPSoft 4.00.04 and prior are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-10617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-536"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12140"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "IVD",
        "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-10617",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-151-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "104375",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12140",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-810",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5974",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-536",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "E3007681-39AB-11E9-9CE6-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-536"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12140"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10617"
      }
    ]
  },
  "id": "VAR-201806-0576",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12140"
      }
    ],
    "trust": 1.7285714
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12140"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:41:49.999000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.deltaww.com/"
      },
      {
        "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"
      },
      {
        "title": "Patch for Delta Industrial Automation DOPSoft Heap Buffer Overflow Vulnerability (CNVD-2018-12140)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/132875"
      },
      {
        "title": "Delta Industrial Automation DOPSoft Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81328"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-536"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12140"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-810"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-122",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10617"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 4.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/104375"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10617"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10617"
      },
      {
        "trust": 0.3,
        "url": "http://www.deltaww.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-536"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12140"
      },
      {
        "db": "BID",
        "id": "104375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10617"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "e3007681-39ab-11e9-9ce6-000c29342cb1",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-536",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12140",
        "ident": null
      },
      {
        "db": "BID",
        "id": "104375",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-810",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10617",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-27T00:00:00",
        "db": "IVD",
        "id": "e3007681-39ab-11e9-9ce6-000c29342cb1",
        "ident": null
      },
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-536",
        "ident": null
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12140",
        "ident": null
      },
      {
        "date": "2018-05-31T00:00:00",
        "db": "BID",
        "id": "104375",
        "ident": null
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006533",
        "ident": null
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-810",
        "ident": null
      },
      {
        "date": "2018-06-18T19:29:00.217000",
        "db": "NVD",
        "id": "CVE-2018-10617",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-536",
        "ident": null
      },
      {
        "date": "2018-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12140",
        "ident": null
      },
      {
        "date": "2018-05-31T00:00:00",
        "db": "BID",
        "id": "104375",
        "ident": null
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006533",
        "ident": null
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-810",
        "ident": null
      },
      {
        "date": "2024-11-21T03:41:40.460000",
        "db": "NVD",
        "id": "CVE-2018-10617",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-810"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Delta Electronics Delta Industrial Automation DOPSoft Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006533"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-810"
      }
    ],
    "trust": 0.8
  }
}

cve-2023-0123
Vulnerability from cvelistv5
Published
2023-02-02 22:57
Modified
2025-01-16 21:58
Summary
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
Impacted products
Vendor Product Version
Delta Industrial Automation DOPSoft Version: all versions <= 4.00.16.22


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-031-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0123",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T20:32:04.009740Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:58:05.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DOPSoft",
          "vendor": "Delta Industrial Automation",
          "versions": [
            {
              "lessThanOrEqual": "4.00.16.22",
              "status": "affected",
              "version": "all versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative"
        }
      ],
      "datePublic": "2023-01-31T15:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDelta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.\u003c/p\u003e"
            }
          ],
          "value": "Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-02T22:57:48.508Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-031-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics released \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://deltaiastudio.b2clogin.com/deltaiastudio.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_diastudiosigninup\u0026amp;client_id=9092aab8-5ccc-4a8a-a76a-59b00b7d0d52\u0026amp;redirect_uri=https%3a%2f%2fdiastudio.deltaww.com%2f\u0026amp;response_mode=form_post\u0026amp;response_type=id_token\u0026amp;scope=openid\u0026amp;state=OpenIdConnect.AuthenticationProperties%3dtSXw0hKpEQ9vkkvdbqbshwzywJBnOgHxqapYQrEFN1e07YOvSVHV4JuCnsD_u70KLfNuS1hKhM-fxE-PWfcOiK5DvJawVerhuz5N06I2xkJWLrZ0yh9PwixawgeMnt-gu8pNLCmqRH8jRkrirPp2XMz3lu8Qd1AmJGdk9xRhIziSEbdEjF0X8r2D4klk7yno\u0026amp;nonce=638084927799189443.NTVmNmFmNDMtYjNmMC00ZWY0LWI3ZjQtYzA0NTI0NTE5MTVmODE0MGU5ZGItNDhhMy00MDI5LTk4NWQtYzUxNjJkOGJiYmI1\u0026amp;ui_locales=en-US\u0026amp;x-client-SKU=ID_NET\u0026amp;x-client-ver=1.0.40306.1554#catalog\"\u003eversion 1.3.0 of DIAScreen\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;(login required) and recommends users to use DIAScreen instead of DOPSoft. \u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nDelta Electronics released  version 1.3.0 of DIAScreen https://deltaiastudio.b2clogin.com/deltaiastudio.onmicrosoft.com/oauth2/v2.0/authorize \u00a0(login required) and recommends users to use DIAScreen instead of DOPSoft. \n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "CVE-2023-0123",
      "x_generator": {
        "engine": "VINCE 2.0.6",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-0123"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-0123",
    "datePublished": "2023-02-02T22:57:48.508Z",
    "dateReserved": "2023-01-09T19:11:48.371Z",
    "dateUpdated": "2025-01-16T21:58:05.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0124
Vulnerability from cvelistv5
Published
2023-02-02 22:59
Modified
2025-01-16 21:57
Summary
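Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. (The record's CVSS 3.1 vector is AV:L/AC:L/PR:N/UI:R, i.e. the attack vector is scored as local and user interaction is required.)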
Impacted products
Vendor Product Version
Delta Industrial Automation DOPSoft Version: all versions <= 4.00.16.22


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.633Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-031-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0124",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T20:31:59.899586Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:57:57.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DOPSoft",
          "vendor": "Delta Industrial Automation",
          "versions": [
            {
              "lessThanOrEqual": "4.00.16.22",
              "status": "affected",
              "version": "all versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Natnael Samson (@NattiSamson), working with Trend Micro\u2019s Zero Day Initiative"
        }
      ],
      "datePublic": "2023-01-31T15:48:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDelta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.\u003c/p\u003e"
            }
          ],
          "value": "Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-02T22:59:15.110Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-031-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics released \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://deltaiastudio.b2clogin.com/deltaiastudio.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_diastudiosigninup\u0026amp;client_id=9092aab8-5ccc-4a8a-a76a-59b00b7d0d52\u0026amp;redirect_uri=https%3a%2f%2fdiastudio.deltaww.com%2f\u0026amp;response_mode=form_post\u0026amp;response_type=id_token\u0026amp;scope=openid\u0026amp;state=OpenIdConnect.AuthenticationProperties%3dtSXw0hKpEQ9vkkvdbqbshwzywJBnOgHxqapYQrEFN1e07YOvSVHV4JuCnsD_u70KLfNuS1hKhM-fxE-PWfcOiK5DvJawVerhuz5N06I2xkJWLrZ0yh9PwixawgeMnt-gu8pNLCmqRH8jRkrirPp2XMz3lu8Qd1AmJGdk9xRhIziSEbdEjF0X8r2D4klk7yno\u0026amp;nonce=638084927799189443.NTVmNmFmNDMtYjNmMC00ZWY0LWI3ZjQtYzA0NTI0NTE5MTVmODE0MGU5ZGItNDhhMy00MDI5LTk4NWQtYzUxNjJkOGJiYmI1\u0026amp;ui_locales=en-US\u0026amp;x-client-SKU=ID_NET\u0026amp;x-client-ver=1.0.40306.1554#catalog\"\u003eversion 1.3.0 of DIAScreen\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;(login required) and recommends users to use DIAScreen instead of DOPSoft. \u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nDelta Electronics released  version 1.3.0 of DIAScreen https://deltaiastudio.b2clogin.com/deltaiastudio.onmicrosoft.com/oauth2/v2.0/authorize \u00a0(login required) and recommends users to use DIAScreen instead of DOPSoft. \n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "CVE-2023-0124",
      "x_generator": {
        "engine": "VINCE 2.0.6",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-0124"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-0124",
    "datePublished": "2023-02-02T22:59:15.110Z",
    "dateReserved": "2023-01-09T19:11:50.213Z",
    "dateUpdated": "2025-01-16T21:57:57.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}