Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    49 vulnerabilities by Delta Industrial Automation

    VAR-201803-1810

    Vulnerability from variot - Updated: 2024-07-23 22:41

    A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to DOPSoft 4.00.04 are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "dopsoft",
            "scope": null,
            "trust": 9.1,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "_id": null,
            "model": "delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "4.00.01"
          },
          {
            "_id": null,
            "model": "industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "4.00.01"
          },
          {
            "_id": null,
            "model": "electronics delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=4.00.01"
          },
          {
            "_id": null,
            "model": "delta industrial automation dopsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "4.00.01"
          },
          {
            "_id": null,
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.00.04.09"
          },
          {
            "_id": null,
            "model": "electronics inc dopsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "delta industrial automation dopsoft",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-234"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-229"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-228"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-222"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-233"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-227"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-220"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-231"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-226"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-230"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-232"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-221"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-224"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04098"
          },
          {
            "db": "BID",
            "id": "103195"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-561"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5476"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.00.01",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5476"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ghirmay Desta",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-234"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-229"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-228"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-222"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-233"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-227"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-220"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-231"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-226"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-230"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-232"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-221"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-224"
          }
        ],
        "trust": 9.1
      },
      "cve": "CVE-2018-5476",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-5476",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 9.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2018-04098",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "e2ff6511-39ab-11e9-8816-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-5476",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-5476",
                "trust": 9.1,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5476",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-04098",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-561",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2ff6511-39ab-11e9-8816-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-234"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-229"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-228"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-222"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-233"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-227"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-220"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-231"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-226"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-230"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-232"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-221"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-224"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04098"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-561"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5476"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the BackgroundMacro structure in a DPA file. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. \nVersions prior to DOPSoft 4.00.04 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003080"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-231"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-224"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-221"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-232"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-230"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-234"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-226"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-220"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-227"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-233"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-222"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-228"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-229"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04098"
          },
          {
            "db": "BID",
            "id": "103195"
          },
          {
            "db": "IVD",
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
          }
        ],
        "trust": 10.8
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5476",
            "trust": 12.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-060-03",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "103195",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04098",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-561",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003080",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5286",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-234",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5275",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-229",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5274",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-228",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5267",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-222",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5285",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-233",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5272",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-227",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5265",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-220",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5283",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-231",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5271",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-226",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5276",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-230",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5284",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-232",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5266",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-221",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5269",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-224",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FF6511-39AB-11E9-8816-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-234"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-229"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-228"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-222"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-233"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-227"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-220"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-231"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-226"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-230"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-232"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-221"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-224"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04098"
          },
          {
            "db": "BID",
            "id": "103195"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-561"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5476"
          }
        ]
      },
      "id": "VAR-201803-1810",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04098"
          }
        ],
        "trust": 1.7285714
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04098"
          }
        ]
      },
      "last_update_date": "2024-07-23T22:41:17.171000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 9.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-060-03"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Delta Electronics Delta Industrial Automation patch for DOPSoft heap buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/120063"
          },
          {
            "title": "Delta Electronics Delta Industrial Automation DOPSoft Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79197"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-234"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-229"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-228"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-222"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-233"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-227"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-220"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-231"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-226"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-230"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-232"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-221"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-224"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04098"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-561"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003080"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5476"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 12.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-060-03"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103195"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5476"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5476"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-234"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-229"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-228"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-222"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-233"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-227"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-220"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-231"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-226"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-230"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-232"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-221"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-224"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04098"
          },
          {
            "db": "BID",
            "id": "103195"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-561"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5476"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-234",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-229",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-228",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-222",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-233",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-227",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-220",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-231",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-226",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-230",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-232",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-221",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-224",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04098",
            "ident": null
          },
          {
            "db": "BID",
            "id": "103195",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003080",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-561",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5476",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-03-02T00:00:00",
            "db": "IVD",
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-234",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-229",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-228",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-222",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-233",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-227",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-220",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-231",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-226",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-230",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-232",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-221",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-224",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-04098",
            "ident": null
          },
          {
            "date": "2018-03-01T00:00:00",
            "db": "BID",
            "id": "103195",
            "ident": null
          },
          {
            "date": "2018-05-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003080",
            "ident": null
          },
          {
            "date": "2018-03-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-561",
            "ident": null
          },
          {
            "date": "2018-03-15T23:29:00.470000",
            "db": "NVD",
            "id": "CVE-2018-5476",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-234",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-229",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-228",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-222",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-233",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-227",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-220",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-231",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-226",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-230",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-232",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-221",
            "ident": null
          },
          {
            "date": "2018-03-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-224",
            "ident": null
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-04098",
            "ident": null
          },
          {
            "date": "2018-03-01T00:00:00",
            "db": "BID",
            "id": "103195",
            "ident": null
          },
          {
            "date": "2018-05-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003080",
            "ident": null
          },
          {
            "date": "2020-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-561",
            "ident": null
          },
          {
            "date": "2020-09-18T16:08:42.277000",
            "db": "NVD",
            "id": "CVE-2018-5476",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-561"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Delta Electronics Delta Industrial Automation DOPSoft Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-561"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff6511-39ab-11e9-8816-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-561"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201702-0423

    Vulnerability from variot - Updated: 2024-07-23 22:40

    An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of data from a LAD file. A crafted length element can trigger an overflow of a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0423",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wplsoft",
            "scope": null,
            "trust": 6.3,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "ispsoft",
            "scope": null,
            "trust": 2.1,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "ispsoft",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "pmsoft",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "wplsoft",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "electronics inc ispsoft",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "delta",
            "version": "3.0"
          },
          {
            "model": "electronics inc pmsoft",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "delta",
            "version": "2.0"
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "delta",
            "version": "2.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "ispsoft",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pmsoft",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "wplsoft",
            "version": null
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.42.11"
          },
          {
            "model": "electronics inc pmsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.10.10"
          },
          {
            "model": "electronics inc ispsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "3.02.11"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
          },
          {
            "db": "IVD",
            "id": "e300285f-39ab-11e9-9115-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-661"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-653"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-659"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-649"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-651"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-650"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-654"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-658"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-662"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-657"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          },
          {
            "db": "BID",
            "id": "94887"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-509"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5805"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:delta_electronics:pmsoft:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:delta_electronics:ispsoft:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:delta_electronics:wplsoft:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5805"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "axt",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-661"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-653"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-659"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-649"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-651"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-650"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-654"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-658"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-662"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-657"
          }
        ],
        "trust": 8.4
      },
      "cve": "CVE-2016-5805",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-5805",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 7.0,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5805",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CVE-2016-5805",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-12683",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e300285f-39ab-11e9-9115-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-94624",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2016-5805",
                "trust": 7.7,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5805",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2016-5805",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-12683",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201612-509",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e300285f-39ab-11e9-9115-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94624",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
          },
          {
            "db": "IVD",
            "id": "e300285f-39ab-11e9-9115-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-661"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-653"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-659"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-649"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-651"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-650"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-654"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-658"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-662"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-657"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94624"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-509"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5805"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of data from a LAD file.  A crafted length element can trigger an overflow of a fixed-length heap-based buffer.  An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in several Delta Electronics products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5805"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-651"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-657"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-662"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-658"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-654"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-650"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-649"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-659"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-653"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-661"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          },
          {
            "db": "BID",
            "id": "94887"
          },
          {
            "db": "IVD",
            "id": "e300285f-39ab-11e9-9115-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94624"
          }
        ],
        "trust": 9.72
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-5805",
            "trust": 11.4
          },
          {
            "db": "BID",
            "id": "94887",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-348-03",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-509",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12683",
            "trust": 1.0
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3915",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-661",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3865",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-648",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3930",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-653",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3916",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-659",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3859",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-649",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3909",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-651",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3911",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-656",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3860",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-650",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3931",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-654",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3913",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-658",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4016",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-662",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3912",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-657",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "C1B2C178-9E7C-41AD-B334-53F292B6A7F0",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E300285F-39AB-11E9-9115-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-94624",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
          },
          {
            "db": "IVD",
            "id": "e300285f-39ab-11e9-9115-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-661"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-653"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-659"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-649"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-651"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-650"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-654"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-658"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-662"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-657"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94624"
          },
          {
            "db": "BID",
            "id": "94887"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-509"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5805"
          }
        ]
      },
      "id": "VAR-201702-0423",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
          },
          {
            "db": "IVD",
            "id": "e300285f-39ab-11e9-9115-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94624"
          }
        ],
        "trust": 1.7291666650000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
          },
          {
            "db": "IVD",
            "id": "e300285f-39ab-11e9-9115-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          }
        ]
      },
      "last_update_date": "2024-07-23T22:40:53.160000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 8.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-03"
          },
          {
            "title": "Patches for Multiple Delta Electronics Product Heap Buffer Overflow Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/86302"
          },
          {
            "title": "Multiple Delta Electronics Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66543"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-661"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-653"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-659"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-649"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-651"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-650"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-654"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-658"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-662"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-657"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-509"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94624"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5805"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 10.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-03"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/94887"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-03#footnotea_6tkr584"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-661"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-653"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-659"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-649"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-651"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-650"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-654"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-658"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-662"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-657"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94624"
          },
          {
            "db": "BID",
            "id": "94887"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-509"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5805"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
          },
          {
            "db": "IVD",
            "id": "e300285f-39ab-11e9-9115-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-661"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-653"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-659"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-649"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-651"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-650"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-654"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-658"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-662"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-657"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94624"
          },
          {
            "db": "BID",
            "id": "94887"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-509"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5805"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-21T00:00:00",
            "db": "IVD",
            "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
          },
          {
            "date": "2016-12-21T00:00:00",
            "db": "IVD",
            "id": "e300285f-39ab-11e9-9115-000c29342cb1"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-661"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-653"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-659"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-649"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-651"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-650"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-654"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-658"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-662"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-657"
          },
          {
            "date": "2016-12-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94624"
          },
          {
            "date": "2016-12-14T00:00:00",
            "db": "BID",
            "id": "94887"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-509"
          },
          {
            "date": "2017-02-13T21:59:00.393000",
            "db": "NVD",
            "id": "CVE-2016-5805"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-661"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-653"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-659"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-649"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-651"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-650"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-654"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-658"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-662"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-657"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-12683"
          },
          {
            "date": "2017-03-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94624"
          },
          {
            "date": "2016-12-20T01:09:00",
            "db": "BID",
            "id": "94887"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-509"
          },
          {
            "date": "2017-03-14T19:01:27.053000",
            "db": "NVD",
            "id": "CVE-2016-5805"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-509"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation WPLSoft DVP File Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-648"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-656"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-657"
          }
        ],
        "trust": 2.1
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "c1b2c178-9e7c-41ad-b334-53f292b6a7f0"
          },
          {
            "db": "IVD",
            "id": "e300285f-39ab-11e9-9115-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-509"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-201805-1147

    Vulnerability from variot - Updated: 2024-07-23 22:32

    WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of dvp files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user is not verified. WPLSoft (Delta PLC programming software) is a PLC program programming software used by Delta Electronics in the WINDOWS operating system environment. Delta Electronics WPLSoft has a heap buffer overflow vulnerability. Execute or cause the application to crash. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Delta Industrial WPLSoft Version 2.45.0 and prior versions are vulnerable

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "wplsoft",
            "scope": null,
            "trust": 3.5,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "_id": null,
            "model": "industrial automation wplsoft",
            "scope": null,
            "trust": 1.2,
            "vendor": "delta",
            "version": null
          },
          {
            "_id": null,
            "model": "wplsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "2.45.0"
          },
          {
            "_id": null,
            "model": "electronics wplsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "\u003c=2.45.0"
          },
          {
            "_id": null,
            "model": "industrial automation wplsoft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "*"
          },
          {
            "_id": null,
            "model": "wplsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "2.45.0"
          },
          {
            "_id": null,
            "model": "wplsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "2.45.0"
          },
          {
            "_id": null,
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.45.0"
          },
          {
            "_id": null,
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.42.11"
          },
          {
            "_id": null,
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "electronics inc wplsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.46.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
          },
          {
            "db": "IVD",
            "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
          },
          {
            "db": "IVD",
            "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-705"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-703"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-704"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-699"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-702"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22824"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03768"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004571"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7507"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:wplsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.45.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7507"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "axt",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-705"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-703"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-704"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-699"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-702"
          }
        ],
        "trust": 3.5
      },
      "cve": "CVE-2018-7507",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-7507",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 2.3,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-7507",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CVE-2018-7507",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22821",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-22824",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.7,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-03768",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.7,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e3000150-39ab-11e9-9ca4-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "e300285e-39ab-11e9-83a1-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-7507",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-7507",
                "trust": 2.1,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7507",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-7507",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22821",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22824",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-03768",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-768",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e3000150-39ab-11e9-9ca4-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e300285e-39ab-11e9-83a1-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-7507",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
          },
          {
            "db": "IVD",
            "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
          },
          {
            "db": "IVD",
            "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-705"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-703"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-704"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-699"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-702"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22824"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03768"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7507"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004571"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7507"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of dvp files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user is not verified. WPLSoft (Delta PLC programming software) is a PLC program programming software used by Delta Electronics in the WINDOWS operating system environment. Delta Electronics WPLSoft has a heap buffer overflow vulnerability. Execute or cause the application to crash. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3. \nDelta Industrial WPLSoft  Version 2.45.0 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7507"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004571"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-703"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-702"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-704"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-699"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-705"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22824"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03768"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "IVD",
            "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
          },
          {
            "db": "IVD",
            "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
          },
          {
            "db": "IVD",
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7507"
          }
        ],
        "trust": 7.65
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7507",
            "trust": 7.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-058-02",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "103179",
            "trust": 2.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-705",
            "trust": 1.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-702",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22821",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22824",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03768",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-768",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004571",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4442",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4436",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-703",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4441",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-704",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4439",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-699",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4440",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E3004F6E-39AB-11E9-A5A2-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E3000150-39AB-11E9-9CA4-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E4E1F909-5D49-466D-AC98-CDBBB329C50D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E8DD53BE-8850-484E-AB8A-BC308C7F1C64",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E300285E-39AB-11E9-83A1-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7507",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
          },
          {
            "db": "IVD",
            "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
          },
          {
            "db": "IVD",
            "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-705"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-703"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-704"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-699"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-702"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22824"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03768"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7507"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004571"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7507"
          }
        ]
      },
      "id": "VAR-201805-1147",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
          },
          {
            "db": "IVD",
            "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
          },
          {
            "db": "IVD",
            "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22824"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03768"
          }
        ],
        "trust": 3.7166666666666663
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 2.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e3000150-39ab-11e9-9ca4-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d"
          },
          {
            "db": "IVD",
            "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64"
          },
          {
            "db": "IVD",
            "id": "e300285e-39ab-11e9-83a1-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22824"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03768"
          }
        ]
      },
      "last_update_date": "2024-07-23T22:32:10.966000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.        This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.02/01/17 - ZDI disclosed reports to ICS-CERT02/07/17 - ICS-CERT provided ZDI with an ICS-VU # ICS-VU-97456803/16/17 - ICS-CERT asked ZDI questions about reproduction03/27/17 - ICS-CERT asked ZDI again some questions about reproduction06/07/17 - ICS-CERT offered ZDI a pre-release patch to test06/07/17 - ZDI replied that we cannot do the testing for the vendor07/20/17 - ZDI sent a mail to ICS-CERT asking the status07/26/17 - ICS-CERT advised that the vendor has a new version they believe addressed the reports (though to ZDI knowledge, no advisory was released)08/02/17 - ZDI advised ICS-CERT that our finder indicated that the vulnerabilities are still present08/11/17 - ZDI wrote ICS-CERT to indicate the intention to move these reports to 0-day on 8/24-- Mitigation:Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.",
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Patch for Delta Industrial Automation WPLSoft dvp File Buffer Buffer Overflow Vulnerability (CNVD-2017-228214)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/143677"
          },
          {
            "title": "Delta Industrial Automation WPLSoft dvp file heap buffer overflow vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/143683"
          },
          {
            "title": "Patch for Delta Electronics WPLSoft Heap Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/119165"
          },
          {
            "title": "Delta Electronics WPLSoft Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79354"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-705"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-703"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-704"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-699"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-702"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22824"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004571"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-768"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004571"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7507"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 7.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/103179"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7507"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7507"
          },
          {
            "trust": 0.6,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-17-702/"
          },
          {
            "trust": 0.6,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-17-705/"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-705"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-703"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-704"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-699"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-702"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22824"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03768"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7507"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004571"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7507"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "e3000150-39ab-11e9-9ca4-000c29342cb1",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "e300285e-39ab-11e9-83a1-000c29342cb1",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-705",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-703",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-704",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-699",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-702",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22821",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22824",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03768",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-7507",
            "ident": null
          },
          {
            "db": "BID",
            "id": "103179",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004571",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-768",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7507",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-02-28T00:00:00",
            "db": "IVD",
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "e3000150-39ab-11e9-9ca4-000c29342cb1",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "e4e1f909-5d49-466d-ac98-cdbbb329c50d",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "e8dd53be-8850-484e-ab8a-bc308c7f1c64",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "e300285e-39ab-11e9-83a1-000c29342cb1",
            "ident": null
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-705",
            "ident": null
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-703",
            "ident": null
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-704",
            "ident": null
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-699",
            "ident": null
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-702",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22821",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22824",
            "ident": null
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03768",
            "ident": null
          },
          {
            "date": "2018-05-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-7507",
            "ident": null
          },
          {
            "date": "2018-02-27T00:00:00",
            "db": "BID",
            "id": "103179",
            "ident": null
          },
          {
            "date": "2018-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004571",
            "ident": null
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-768",
            "ident": null
          },
          {
            "date": "2018-05-04T19:29:00.313000",
            "db": "NVD",
            "id": "CVE-2018-7507",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-03-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-705",
            "ident": null
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-703",
            "ident": null
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-704",
            "ident": null
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-699",
            "ident": null
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-702",
            "ident": null
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22821",
            "ident": null
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22824",
            "ident": null
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03768",
            "ident": null
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-7507",
            "ident": null
          },
          {
            "date": "2018-02-27T00:00:00",
            "db": "BID",
            "id": "103179",
            "ident": null
          },
          {
            "date": "2018-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004571",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-768",
            "ident": null
          },
          {
            "date": "2019-10-09T23:42:20.707000",
            "db": "NVD",
            "id": "CVE-2018-7507",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-768"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-705"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-703"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-704"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-702"
          }
        ],
        "trust": 2.8
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6e-39ab-11e9-a5a2-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-768"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201904-1019

    Vulnerability from variot - Updated: 2024-01-20 23:04

    Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files. Delta CNCSoft ScreenEditor Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities 3

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1019",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cncsoft",
            "scope": null,
            "trust": 3.5,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "cncsoft screeneditor",
            "scope": null,
            "trust": 2.8,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "cncsoft screeneditor",
            "scope": null,
            "trust": 1.4,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "cncsoft screeneditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.00.88"
          },
          {
            "model": "screeneditor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.88"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.88"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.84"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.89"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-406"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-407"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-419"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-411"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-412"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-409"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-416"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-418"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-415"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-414"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003484"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10949"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:cncsoft_screeneditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00.88",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10949"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natnael Samson (@NattiSamson)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-406"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-407"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-419"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-411"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-412"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-409"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-418"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-413"
          }
        ],
        "trust": 5.6
      },
      "cve": "CVE-2019-10949",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-10949",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-10949",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 7.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-10949",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2019-10949",
                "trust": 7.7,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-10949",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-788",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-406"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-407"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-419"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-411"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-412"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-409"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-416"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-418"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-415"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-414"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003484"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-788"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10949"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files. Delta CNCSoft ScreenEditor Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities\n3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10949"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003484"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-406"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-407"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-419"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-411"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-412"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-409"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-416"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-418"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-415"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-414"
          },
          {
            "db": "BID",
            "id": "107989"
          }
        ],
        "trust": 8.82
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10949",
            "trust": 10.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-106-01",
            "trust": 2.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-406",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-407",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-419",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-411",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-412",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-409",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-416",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-418",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-413",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-415",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-414",
            "trust": 2.3
          },
          {
            "db": "BID",
            "id": "107989",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003484",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7814",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7826",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8061",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7827",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7945",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7815",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7962",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8059",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7947",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7961",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7960",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1319",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-788",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-406"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-407"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-419"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-411"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-412"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-409"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-416"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-418"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-415"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-414"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003484"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-788"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10949"
          }
        ]
      },
      "id": "VAR-201904-1019",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3
      },
      "last_update_date": "2024-01-20T23:04:51.324000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 7.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.deltaww.com/"
          },
          {
            "title": "Delta Electronics Delta Industrial Automation CNCSoft Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91584"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-406"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-407"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-419"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-411"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-412"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-409"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-416"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-418"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-415"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-414"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003484"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-788"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003484"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10949"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 11.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-01"
          },
          {
            "trust": 2.2,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-419/"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/107989"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-414/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-413/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-412/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-411/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-407/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-418/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-406/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-416/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-415/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-409/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10949"
          },
          {
            "trust": 0.9,
            "url": "http://www.deltaww.com/services/downloadcenter2.aspx?secid=8\u0026pid=2\u0026tid=0\u0026cid=06\u0026itemid=060202\u0026typeid=1\u0026downloadid=\u0026title=\u0026datatype=8;\u0026check=1\u0026hl=en-us"
          },
          {
            "trust": 0.9,
            "url": "http://www.deltaww.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10949"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/79202"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-406"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-407"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-419"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-411"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-412"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-409"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-416"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-418"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-415"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-414"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003484"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-788"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10949"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-19-406"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-407"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-419"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-411"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-412"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-409"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-416"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-418"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-413"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-415"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-414"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003484"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-788"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10949"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-406"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-407"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-419"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-411"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-412"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-409"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-416"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-418"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-413"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-415"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-414"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "BID",
            "id": "107989"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003484"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-788"
          },
          {
            "date": "2019-04-17T15:29:00.783000",
            "db": "NVD",
            "id": "CVE-2019-10949"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-406"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-407"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-419"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-411"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-412"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-409"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-416"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-418"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-413"
          },
          {
            "date": "2024-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-415"
          },
          {
            "date": "2024-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-414"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "BID",
            "id": "107989"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003484"
          },
          {
            "date": "2019-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-788"
          },
          {
            "date": "2019-10-09T23:45:04.290000",
            "db": "NVD",
            "id": "CVE-2019-10949"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-788"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft ScreenEditor DPB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-416"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-415"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-414"
          }
        ],
        "trust": 2.1
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-788"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201806-0554

    Vulnerability from variot - Updated: 2023-12-18 13:52

    Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server. Delta Industrial Automation COMMGR Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP packets sent to COMMGR. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the COMMGR process. Delta Industrial Automation COMMGR is a communications management software from Delta Electronics. Failed exploit attempts will likely cause a denial-of-service condition. Industrial Automation COMMGR 1.08 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0554",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "commgr",
            "scope": null,
            "trust": 2.8,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "commgr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.08"
          },
          {
            "model": "commgr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.08"
          },
          {
            "model": "electronics delta industrial automation commgr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=1.08"
          },
          {
            "model": "electronics delta industrial automation commgr ahsim 5x0",
            "scope": null,
            "trust": 0.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "electronics delta industrial automation commgr ahsim 5x1",
            "scope": null,
            "trust": 0.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "electronics delta industrial automation commgr dvpsimulator eh2",
            "scope": null,
            "trust": 0.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "electronics delta industrial automation commgr dvpsimulator eh3",
            "scope": null,
            "trust": 0.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "electronics delta industrial automation commgr dvpsimulator es2",
            "scope": null,
            "trust": 0.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "electronics delta industrial automation commgr dvpsimulator se",
            "scope": null,
            "trust": 0.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "electronics delta industrial automation commgr dvpsimulator ss2",
            "scope": null,
            "trust": 0.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "commgr",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "1.08"
          },
          {
            "model": "electronics inc industrial automation commgr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.08"
          },
          {
            "model": "electronics inc dvpsimulator ss2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "0"
          },
          {
            "model": "electronics inc dvpsimulator se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "0"
          },
          {
            "model": "electronics inc dvpsimulator es2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "0"
          },
          {
            "model": "electronics inc dvpsimulator eh3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "0"
          },
          {
            "model": "electronics inc dvpsimulator eh2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "0"
          },
          {
            "model": "electronics inc ahsim",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "5x1"
          },
          {
            "model": "electronics inc ahsim",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "5x0"
          },
          {
            "model": "electronics inc industrial automation commgr",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.09"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "commgr",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-587"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-586"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-588"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-585"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          },
          {
            "db": "BID",
            "id": "104529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10594"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:deltaww:commgr:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.08",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:deltaww:dvpsimulator_h3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:deltaww:dvpsimulator_es2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:deltaww:dvpsimulator_se:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:deltaww:dvpsimulator_ss2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:deltaww:dvpsimulator_ahsim_5x1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:deltaww:dvpsimulator_eh2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:deltaww:dvpsimulator_ahsim_5x0:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10594"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-587"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-586"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-588"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-585"
          }
        ],
        "trust": 2.8
      },
      "cve": "CVE-2018-10594",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-10594",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 3.6,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12128",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-10594",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-10594",
                "trust": 2.8,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-10594",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12128",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-1170",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-587"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-586"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-588"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-585"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10594"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server. Delta Industrial Automation COMMGR Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code  on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP packets sent to COMMGR. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the COMMGR process. Delta Industrial Automation COMMGR is a communications management software from Delta Electronics. Failed exploit attempts will likely cause a denial-of-service condition. \nIndustrial Automation COMMGR 1.08 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-587"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-586"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-588"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-585"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          },
          {
            "db": "BID",
            "id": "104529"
          },
          {
            "db": "IVD",
            "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1"
          }
        ],
        "trust": 5.13
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10594",
            "trust": 6.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-172-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "104529",
            "trust": 2.5
          },
          {
            "db": "EXPLOIT-DB",
            "id": "45574",
            "trust": 1.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "44965",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12128",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-1170",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006826",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5668",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-587",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5666",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-586",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5667",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-588",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5665",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-585",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FF3E01-39AB-11E9-A6A4-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-587"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-586"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-588"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-585"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          },
          {
            "db": "BID",
            "id": "104529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10594"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ]
      },
      "id": "VAR-201806-0554",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:52:39.996000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-172-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Patch for Delta Electronics Delta Industrial Automation COMMGR Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/132857"
          },
          {
            "title": "Delta Industrial Automation COMMGR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81478"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-587"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-586"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-588"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-585"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10594"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-172-01"
          },
          {
            "trust": 2.8,
            "url": "http://www.securityfocus.com/bid/104529"
          },
          {
            "trust": 1.6,
            "url": "https://www.exploit-db.com/exploits/44965/"
          },
          {
            "trust": 1.6,
            "url": "https://www.exploit-db.com/exploits/45574/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10594"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10594"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-587"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-586"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-588"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-585"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          },
          {
            "db": "BID",
            "id": "104529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10594"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-587"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-586"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-588"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-585"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          },
          {
            "db": "BID",
            "id": "104529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10594"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "IVD",
            "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1"
          },
          {
            "date": "2018-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-587"
          },
          {
            "date": "2018-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-586"
          },
          {
            "date": "2018-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-588"
          },
          {
            "date": "2018-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-585"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          },
          {
            "date": "2018-06-21T00:00:00",
            "db": "BID",
            "id": "104529"
          },
          {
            "date": "2018-08-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "date": "2018-06-26T20:29:00.227000",
            "db": "NVD",
            "id": "CVE-2018-10594"
          },
          {
            "date": "2018-06-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-587"
          },
          {
            "date": "2018-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-586"
          },
          {
            "date": "2018-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-588"
          },
          {
            "date": "2018-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-585"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12128"
          },
          {
            "date": "2018-06-21T00:00:00",
            "db": "BID",
            "id": "104529"
          },
          {
            "date": "2018-08-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "date": "2019-10-09T23:32:52.087000",
            "db": "NVD",
            "id": "CVE-2018-10594"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation COMMGR Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006826"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff3e01-39ab-11e9-a6a4-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-1170"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201907-1460

    Vulnerability from variot - Updated: 2023-12-18 13:13

    Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of an administrator. Multiple heap-based buffer-overflow vulnerabilities 2. Multiple information disclosure vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1460",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cncsoft screeneditor",
            "scope": null,
            "trust": 1.4,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "cnssoft screeneditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.00.89"
          },
          {
            "model": "screeneditor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.89"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.89"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.88"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.84"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.94"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-675"
          },
          {
            "db": "BID",
            "id": "109154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006979"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10992"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:cnssoft_screeneditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00.89",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10992"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natnael Samson (@NattiSamson)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-675"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2019-10992",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-10992",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-10992",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-10992",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-10992",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2019-10992",
                "trust": 1.4,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-711",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-675"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006979"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-711"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of an administrator. Multiple heap-based buffer-overflow vulnerabilities\n2. Multiple information disclosure vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006979"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-675"
          },
          {
            "db": "BID",
            "id": "109154"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10992",
            "trust": 4.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-192-01",
            "trust": 2.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-675",
            "trust": 1.3
          },
          {
            "db": "BID",
            "id": "109154",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006979",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8634",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-674",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8648",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2578",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-711",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-675"
          },
          {
            "db": "BID",
            "id": "109154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006979"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-711"
          }
        ]
      },
      "id": "VAR-201907-1460",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3
      },
      "last_update_date": "2023-12-18T13:13:21.527000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.deltaww.com/"
          },
          {
            "title": "Delta Electronics CNCSoft ScreenEditor Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94737"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-675"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006979"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-711"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006979"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10992"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.1,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10992"
          },
          {
            "trust": 0.9,
            "url": "http://www.deltaww.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10992"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2578/"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityfocus.com/bid/109154"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-675/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-675"
          },
          {
            "db": "BID",
            "id": "109154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006979"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-711"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-675"
          },
          {
            "db": "BID",
            "id": "109154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006979"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-711"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "date": "2019-07-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-675"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "BID",
            "id": "109154"
          },
          {
            "date": "2019-07-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006979"
          },
          {
            "date": "2019-07-24T15:15:12.057000",
            "db": "NVD",
            "id": "CVE-2019-10992"
          },
          {
            "date": "2019-07-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-711"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "date": "2019-07-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-675"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "BID",
            "id": "109154"
          },
          {
            "date": "2019-07-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006979"
          },
          {
            "date": "2019-10-09T23:45:10.027000",
            "db": "NVD",
            "id": "CVE-2019-10992"
          },
          {
            "date": "2019-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-711"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-711"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-674"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-675"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-711"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-1458

    Vulnerability from variot - Updated: 2023-12-18 13:13

    Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. Delta Electronics CNCSoft ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files. An attacker can leverage this vulnerability to execute code in the context of an administrator. Multiple heap-based buffer-overflow vulnerabilities 2. Multiple information disclosure vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1458",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cncsoft screeneditor",
            "scope": null,
            "trust": 1.4,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "cnssoft screeneditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.00.89"
          },
          {
            "model": "screeneditor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.89"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.89"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.88"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.84"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.94"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-672"
          },
          {
            "db": "BID",
            "id": "109154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006980"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10982"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:cnssoft_screeneditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00.89",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10982"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natnael Samson (@NattiSamson)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-672"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2019-10982",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-10982",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-10982",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-10982",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-10982",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2019-10982",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-693",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006980"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10982"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-693"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. Delta Electronics CNCSoft ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files. An attacker can leverage this vulnerability to execute code in the context of an administrator. Multiple heap-based buffer-overflow vulnerabilities\n2. Multiple information disclosure vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10982"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006980"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-672"
          },
          {
            "db": "BID",
            "id": "109154"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10982",
            "trust": 4.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-192-01",
            "trust": 2.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-673",
            "trust": 1.3
          },
          {
            "db": "BID",
            "id": "109154",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006980",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8633",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8629",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-672",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2578",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-693",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-672"
          },
          {
            "db": "BID",
            "id": "109154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006980"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10982"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-693"
          }
        ]
      },
      "id": "VAR-201907-1458",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3
      },
      "last_update_date": "2023-12-18T13:13:21.493000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.deltaww.com/"
          },
          {
            "title": "Delta Electronics CNCSoft ScreenEditor Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95227"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006980"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-693"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006980"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10982"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.1,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10982"
          },
          {
            "trust": 0.9,
            "url": "http://www.deltaww.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10982"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-673/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2578/"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityfocus.com/bid/109154"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-672"
          },
          {
            "db": "BID",
            "id": "109154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006980"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10982"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-693"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-672"
          },
          {
            "db": "BID",
            "id": "109154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006980"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10982"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-693"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "date": "2019-07-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-672"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "BID",
            "id": "109154"
          },
          {
            "date": "2019-07-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006980"
          },
          {
            "date": "2019-07-24T15:15:11.993000",
            "db": "NVD",
            "id": "CVE-2019-10982"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-693"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "date": "2019-07-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-672"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "BID",
            "id": "109154"
          },
          {
            "date": "2019-07-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006980"
          },
          {
            "date": "2020-10-02T13:57:59.227000",
            "db": "NVD",
            "id": "CVE-2019-10982"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-693"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-693"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-673"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-672"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-693"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201808-0176

    Vulnerability from variot - Updated: 2023-12-18 13:02

    CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft and ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. When parsing the wFont attribute of the UserVARComment element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Delta Electronics CNCSoft and ScreenEditor are products of Delta Electronics. Delta Electronics CNCSoft is a set of simulation software for CNC machine tools. ScreenEditor is a set of human-machine interface programming software.

    A stack buffer overflow vulnerability exists in Delta Electronics CNCSoft 1.00.83 and earlier and ScreenEditor 1.00.54. An attacker could use this vulnerability to cause software to crash. Multiple stack-based buffer-overflow vulnerabilities 2

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0176",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cncsoft",
            "scope": null,
            "trust": 7.0,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "screeneditor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "deltaww",
            "version": "1.00.54"
          },
          {
            "model": "cncsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.00.83"
          },
          {
            "model": "cncsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.83"
          },
          {
            "model": "screeneditor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.54"
          },
          {
            "model": "electronics cncsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=1.00.83"
          },
          {
            "model": "electronics screeneditor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "delta",
            "version": "1.00.54"
          },
          {
            "model": "cncsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "1.00.83"
          },
          {
            "model": "electronics inc screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.54"
          },
          {
            "model": "electronics inc cncsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.83"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-984"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-985"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-986"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-981"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-982"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-979"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-980"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-983"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          },
          {
            "db": "BID",
            "id": "105032"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009204"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-308"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:cncsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00.83",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:screeneditor:1.00.54:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10636"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natnael Samson(Natti)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-984"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-985"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-986"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-981"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-982"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-979"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-980"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-983"
          }
        ],
        "trust": 7.0
      },
      "cve": "CVE-2018-10636",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-10636",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 7.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-17874",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-10636",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-10636",
                "trust": 7.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-10636",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-17874",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201808-308",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-984"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-985"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-986"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-981"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-982"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-979"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-980"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-983"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009204"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-308"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft and ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. When parsing the wFont attribute of the UserVARComment element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Delta Electronics CNCSoft and ScreenEditor are products of Delta Electronics. Delta Electronics CNCSoft is a set of simulation software for CNC machine tools. ScreenEditor is a set of human-machine interface programming software. \n\nA stack buffer overflow vulnerability exists in Delta Electronics CNCSoft 1.00.83 and earlier and ScreenEditor 1.00.54. An attacker could use this vulnerability to cause software to crash. Multiple  stack-based buffer-overflow vulnerabilities\n2",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10636"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009204"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-984"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-985"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-986"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-981"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-982"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-979"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-980"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-983"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          },
          {
            "db": "BID",
            "id": "105032"
          }
        ],
        "trust": 8.73
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10636",
            "trust": 10.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-219-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "105032",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009204",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6359",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1071",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6273",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-984",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6358",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1070",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6275",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-985",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6276",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-986",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6270",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-981",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6271",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-982",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6310",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-979",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6269",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-980",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6272",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-983",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17874",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-308",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-984"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-985"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-986"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-981"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-982"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-979"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-980"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-983"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          },
          {
            "db": "BID",
            "id": "105032"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009204"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-308"
          }
        ]
      },
      "id": "VAR-201808-0176",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          }
        ],
        "trust": 1.3666666666666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:02:31.780000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 7.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-219-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.deltaww.com/"
          },
          {
            "title": "Patch for Delta Electronics CNCSoft and ScreenEditor stack buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/138735"
          },
          {
            "title": "Delta Electronics CNCSoft and ScreenEditor Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83919"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-984"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-985"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-986"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-981"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-982"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-979"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-980"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-983"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009204"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-308"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009204"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10636"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 10.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-219-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105032"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10636"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10636"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-984"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-985"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-986"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-981"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-982"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-979"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-980"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-983"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          },
          {
            "db": "BID",
            "id": "105032"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009204"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-308"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-984"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-985"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-986"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-981"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-982"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-979"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-980"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-983"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          },
          {
            "db": "BID",
            "id": "105032"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009204"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-308"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-984"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1070"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-985"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-986"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-981"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-982"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-979"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-980"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-983"
          },
          {
            "date": "2018-09-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          },
          {
            "date": "2018-08-07T00:00:00",
            "db": "BID",
            "id": "105032"
          },
          {
            "date": "2018-11-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-009204"
          },
          {
            "date": "2018-08-13T21:47:59.167000",
            "db": "NVD",
            "id": "CVE-2018-10636"
          },
          {
            "date": "2018-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-308"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-984"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1070"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-985"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-986"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-981"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-982"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-979"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-980"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-983"
          },
          {
            "date": "2018-09-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-17874"
          },
          {
            "date": "2018-08-07T00:00:00",
            "db": "BID",
            "id": "105032"
          },
          {
            "date": "2018-11-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-009204"
          },
          {
            "date": "2020-08-31T16:11:00.607000",
            "db": "NVD",
            "id": "CVE-2018-10636"
          },
          {
            "date": "2020-09-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-308"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-308"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft ScreenEditor DPB File wKPFString Stack-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1071"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-983"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-308"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201808-0183

    Vulnerability from variot - Updated: 2023-12-18 13:02

    CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft and ScreenEditor Contains an out-of-bounds vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Delta Electronics CNCSoft and ScreenEditor are products of Delta Electronics. Delta Electronics CNCSoft is a set of simulation software for CNC machine tools. ScreenEditor is a set of human-machine interface programming software.

    An out-of-bounds read vulnerability exists in Delta Electronics CNCSoft 1.00.83 and earlier and ScreenEditor 1.00.54. Multiple stack-based buffer-overflow vulnerabilities 2

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0183",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "screeneditor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "deltaww",
            "version": "1.00.54"
          },
          {
            "model": "cncsoft",
            "scope": null,
            "trust": 1.4,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "cncsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.00.83"
          },
          {
            "model": "cncsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.83"
          },
          {
            "model": "screeneditor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.54"
          },
          {
            "model": "electronics cncsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=1.00.83"
          },
          {
            "model": "electronics screeneditor",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "delta",
            "version": "1.00.54"
          },
          {
            "model": "cncsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "1.00.83"
          },
          {
            "model": "electronics inc screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.54"
          },
          {
            "model": "electronics inc cncsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.83"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-987"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-988"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          },
          {
            "db": "BID",
            "id": "105032"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-309"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:screeneditor:1.00.54:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:cncsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00.83",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10598"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mat Powell of Trend Micro Zero Day Initiative",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-987"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-988"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-10598",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10598",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-10598",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-17872",
                "impactScore": 7.8,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.2,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-10598",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-10598",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-10598",
                "trust": 1.4,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-17872",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201808-309",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-987"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-988"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-309"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. CNCSoft and ScreenEditor Contains an out-of-bounds vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Delta Electronics CNCSoft and ScreenEditor are products of Delta Electronics. Delta Electronics CNCSoft is a set of simulation software for CNC machine tools. ScreenEditor is a set of human-machine interface programming software. \n\nAn out-of-bounds read vulnerability exists in Delta Electronics CNCSoft 1.00.83 and earlier and ScreenEditor 1.00.54. Multiple  stack-based buffer-overflow vulnerabilities\n2",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-987"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-988"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          },
          {
            "db": "BID",
            "id": "105032"
          }
        ],
        "trust": 3.69
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10598",
            "trust": 4.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-219-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "105032",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009150",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6303",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-987",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6304",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-988",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17872",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-309",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-987"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-988"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          },
          {
            "db": "BID",
            "id": "105032"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-309"
          }
        ]
      },
      "id": "VAR-201808-0183",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          }
        ],
        "trust": 1.3666666666666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:02:31.738000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-219-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Patch for Delta Electronics CNCSoft and ScreenEditor out-of-bounds read vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/138747"
          },
          {
            "title": "Delta Electronics CNCSoft and ScreenEditor Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83920"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-987"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-988"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-309"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10598"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-219-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105032"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10598"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10598"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-987"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-988"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          },
          {
            "db": "BID",
            "id": "105032"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-309"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-987"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-988"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          },
          {
            "db": "BID",
            "id": "105032"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-309"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-987"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-988"
          },
          {
            "date": "2018-09-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          },
          {
            "date": "2018-08-07T00:00:00",
            "db": "BID",
            "id": "105032"
          },
          {
            "date": "2018-11-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          },
          {
            "date": "2018-08-13T21:47:58.743000",
            "db": "NVD",
            "id": "CVE-2018-10598"
          },
          {
            "date": "2018-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-309"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-987"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-988"
          },
          {
            "date": "2018-09-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-17872"
          },
          {
            "date": "2018-08-07T00:00:00",
            "db": "BID",
            "id": "105032"
          },
          {
            "date": "2018-11-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          },
          {
            "date": "2019-10-09T23:32:52.837000",
            "db": "NVD",
            "id": "CVE-2018-10598"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-309"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-309"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CNCSoft and  ScreenEditor Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009150"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-309"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201805-1148

    Vulnerability from variot - Updated: 2023-12-18 12:56

    WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. Delta Electronics WPLSoft Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of .dvp files. Crafted data in a .dvp file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. WPLSoft and PMSoft are Delta's PLC programming software. Delta Electronics WPLSoft is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Delta Industrial WPLSoft Version 2.45.0 and prior versions are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1148",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wplsoft",
            "scope": null,
            "trust": 2.1,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "industrial automation wplsoft",
            "scope": null,
            "trust": 1.8,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "industrial automation wplsoft",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "delta",
            "version": "*"
          },
          {
            "model": "wplsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "2.45.0"
          },
          {
            "model": "wplsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "2.45.0"
          },
          {
            "model": "electronics wplsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=2.45.0"
          },
          {
            "model": "wplsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "2.45.0"
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.45.0"
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.42.11"
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.0"
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.46.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wplsoft",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
          },
          {
            "db": "IVD",
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
          },
          {
            "db": "IVD",
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
          },
          {
            "db": "IVD",
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-700"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004572"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7509"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-769"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:wplsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.45.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7509"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "axt",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-700"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-697"
          }
        ],
        "trust": 2.1
      },
      "cve": "CVE-2018-7509",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-7509",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 2.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-7509",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22819",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22816",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.7,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-03766",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22820",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.7,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "bd88bef6-a734-4ab3-b708-493e5939c42c",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e300014f-39ab-11e9-ae3c-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2ffda40-39ab-11e9-aced-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-7509",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-7509",
                "trust": 2.1,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7509",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22819",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22816",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-03766",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22820",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-769",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "bd88bef6-a734-4ab3-b708-493e5939c42c",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e300014f-39ab-11e9-ae3c-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2ffda40-39ab-11e9-aced-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
          },
          {
            "db": "IVD",
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
          },
          {
            "db": "IVD",
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
          },
          {
            "db": "IVD",
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-700"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004572"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7509"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-769"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. Delta Electronics WPLSoft Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of .dvp files. Crafted data in a .dvp file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. WPLSoft and PMSoft are Delta\u0027s PLC programming software. Delta Electronics WPLSoft is prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3. \nDelta Industrial WPLSoft  Version 2.45.0 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004572"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-697"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-700"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "IVD",
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
          },
          {
            "db": "IVD",
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
          },
          {
            "db": "IVD",
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
          },
          {
            "db": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
          }
        ],
        "trust": 7.2
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7509",
            "trust": 5.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-058-02",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "103179",
            "trust": 1.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-701",
            "trust": 1.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-700",
            "trust": 1.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-697",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22819",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22820",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22816",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03766",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-769",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004572",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4435",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4428",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4438",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FF16F1-39AB-11E9-9E8D-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "BD88BEF6-A734-4AB3-B708-493E5939C42C",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "9B0290FD-5208-4C4D-BE64-9B123C16F26E",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "C3D16B7A-9F9A-4E2C-B16B-7A6BBE22E631",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E300014F-39AB-11E9-AE3C-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E2FF8C23-39AB-11E9-A10F-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E2FFDA40-39AB-11E9-ACED-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
          },
          {
            "db": "IVD",
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
          },
          {
            "db": "IVD",
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
          },
          {
            "db": "IVD",
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-700"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004572"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7509"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-769"
          }
        ]
      },
      "id": "VAR-201805-1148",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
          },
          {
            "db": "IVD",
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
          },
          {
            "db": "IVD",
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
          },
          {
            "db": "IVD",
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          }
        ],
        "trust": 4.716666666666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 3.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
          },
          {
            "db": "IVD",
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
          },
          {
            "db": "IVD",
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
          },
          {
            "db": "IVD",
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:56:57.926000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.        This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.02/01/17 - ZDI disclosed reports to ICS-CERT02/07/17 - ICS-CERT provided ZDI with an ICS-VU # ICS-VU-97456803/16/17 - ICS-CERT asked ZDI questions about reproduction03/27/17 - ICS-CERT asked ZDI again some questions about reproduction06/07/17 - ICS-CERT offered ZDI a pre-release patch to test06/07/17 - ZDI replied that we cannot do the testing for the vendor07/20/17 - ZDI sent a mail to ICS-CERT asking the status07/26/17 - ICS-CERT advised that the vendor has a new version they believe addressed the reports (though to ZDI knowledge, no advisory was released)08/02/17 - ZDI advised ICS-CERT that our finder indicated that the vulnerabilities are still present08/11/17 - ZDI wrote ICS-CERT to indicate the intention to move these reports to 0-day on 8/24-- Mitigation:Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.",
            "trust": 2.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Delta Industrial Automation WPLSoft dvp file border write vulnerability (CNVD-2017-228198) patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/143673"
          },
          {
            "title": "Patch for Delta Industrial Automation WPLSoft dvp File Buffer Buffer Overflow Vulnerability (CNVD-2017-228165)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/143667"
          },
          {
            "title": "Delta Electronics WPLSoft cross-border write vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/119163"
          },
          {
            "title": "Delta Industrial Automation WPLSoft dvp file cross-boundary write vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/143675"
          },
          {
            "title": "Delta Electronics WPLSoft Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79355"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-700"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004572"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-769"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004572"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7509"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103179"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7509"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7509"
          },
          {
            "trust": 0.6,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-17-700/"
          },
          {
            "trust": 0.6,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-17-697/"
          },
          {
            "trust": 0.6,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-17-701/"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-700"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004572"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7509"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-769"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
          },
          {
            "db": "IVD",
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
          },
          {
            "db": "IVD",
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
          },
          {
            "db": "IVD",
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-700"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004572"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7509"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-769"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-28T00:00:00",
            "db": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "bd88bef6-a734-4ab3-b708-493e5939c42c"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "9b0290fd-5208-4c4d-be64-9b123c16f26e"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "c3d16b7a-9f9a-4e2c-b16b-7a6bbe22e631"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "e300014f-39ab-11e9-ae3c-000c29342cb1"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "e2ff8c23-39ab-11e9-a10f-000c29342cb1"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "e2ffda40-39ab-11e9-aced-000c29342cb1"
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-700"
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-697"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          },
          {
            "date": "2018-02-27T00:00:00",
            "db": "BID",
            "id": "103179"
          },
          {
            "date": "2018-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004572"
          },
          {
            "date": "2018-05-04T19:29:00.360000",
            "db": "NVD",
            "id": "CVE-2018-7509"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-769"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-700"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-697"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22819"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22816"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03766"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22820"
          },
          {
            "date": "2018-02-27T00:00:00",
            "db": "BID",
            "id": "103179"
          },
          {
            "date": "2018-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004572"
          },
          {
            "date": "2019-10-09T23:42:20.923000",
            "db": "NVD",
            "id": "CVE-2018-7509"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-769"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-769"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-700"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff16f1-39ab-11e9-9e8d-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-769"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201805-1140

    Vulnerability from variot - Updated: 2023-12-18 12:56

    WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft and Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user was not properly verified. WPLSoft (Delta PLC programming software) is a PLC program programming software used by Delta Electronics in the WINDOWS operating system environment. Delta Electronics WPLSoft has a stack buffer overflow vulnerability. The application uses a fixed-length heap buffer. Execute or cause the application to crash. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1140",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wplsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "2.45.0"
          },
          {
            "model": "wplsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "2.45.0"
          },
          {
            "model": "wplsoft",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "industrial automation wplsoft",
            "scope": null,
            "trust": 0.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "electronics wplsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=2.45.0"
          },
          {
            "model": "wplsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "2.45.0"
          },
          {
            "model": "industrial automation wplsoft",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "delta",
            "version": "*"
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.45.0"
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.42.11"
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.0"
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.46.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wplsoft",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
          },
          {
            "db": "IVD",
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-698"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:wplsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.45.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7494"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "axt",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-698"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-7494",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-7494",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-7494",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22817",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.7,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-03767",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.7,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e3004f6f-39ab-11e9-b569-000c29342cb1",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "117014c0-b059-4ede-9515-daf57ae2fdf1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-7494",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-7494",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-7494",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22817",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-03767",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-767",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e3004f6f-39ab-11e9-b569-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "117014c0-b059-4ede-9515-daf57ae2fdf1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
          },
          {
            "db": "IVD",
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-698"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. Delta Electronics WPLSoft Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft and Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of dvp files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of current process. Delta Industrial Automation is the industry automation vendor for power management and cooling solutions worldwide. The length of the data provided by the user was not properly verified. WPLSoft (Delta PLC programming software) is a PLC program programming software used by Delta Electronics in the WINDOWS operating system environment. Delta Electronics WPLSoft has a stack buffer overflow vulnerability. The application uses a fixed-length heap buffer. Execute or cause the application to crash. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\n3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7494"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-698"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
          },
          {
            "db": "IVD",
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
          }
        ],
        "trust": 4.14
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7494",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-058-02",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "103179",
            "trust": 1.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-698",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22817",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03767",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-767",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004570",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3917",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E3004F6F-39AB-11E9-B569-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "117014C0-B059-4EDE-9515-DAF57AE2FDF1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E2FFB331-39AB-11E9-9C2E-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
          },
          {
            "db": "IVD",
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-698"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ]
      },
      "id": "VAR-201805-1140",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
          },
          {
            "db": "IVD",
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          }
        ],
        "trust": 2.716666666666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
          },
          {
            "db": "IVD",
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:56:57.874000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.        This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.02/01/17 - ZDI disclosed reports to ICS-CERT02/07/17 - ICS-CERT provided ZDI with an ICS-VU # ICS-VU-97456803/16/17 - ICS-CERT asked ZDI questions about reproduction03/27/17 - ICS-CERT asked ZDI again some questions about reproduction06/07/17 - ICS-CERT offered ZDI a pre-release patch to test06/07/17 - ZDI replied that we cannot do the testing for the vendor07/20/17 - ZDI sent a mail to ICS-CERT asking the status07/26/17 - ICS-CERT advised that the vendor has a new version they believe addressed the reports (though to ZDI knowledge, no advisory was released)08/02/17 - ZDI advised ICS-CERT that our finder indicated that the vulnerabilities are still present08/11/17 - ZDI wrote ICS-CERT to indicate the intention to move these reports to 0-day on 8/24-- Mitigation:Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
          },
          {
            "title": "Delta Industrial Automation WPLSoft Stack Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/143669"
          },
          {
            "title": "Patch for Delta Electronics WPLSoft Stack Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/119167"
          },
          {
            "title": "Delta Electronics WPLSoft Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79353"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-698"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7494"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103179"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7494"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7494"
          },
          {
            "trust": 0.6,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-17-698/"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-698"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
          },
          {
            "db": "IVD",
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-698"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          },
          {
            "db": "BID",
            "id": "103179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-28T00:00:00",
            "db": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "117014c0-b059-4ede-9515-daf57ae2fdf1"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "e2ffb331-39ab-11e9-9c2e-000c29342cb1"
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-698"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          },
          {
            "date": "2018-02-27T00:00:00",
            "db": "BID",
            "id": "103179"
          },
          {
            "date": "2018-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "date": "2018-05-04T19:29:00.237000",
            "db": "NVD",
            "id": "CVE-2018-7494"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-698"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22817"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03767"
          },
          {
            "date": "2018-02-27T00:00:00",
            "db": "BID",
            "id": "103179"
          },
          {
            "date": "2018-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "date": "2019-10-09T23:42:19.160000",
            "db": "NVD",
            "id": "CVE-2018-7494"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics WPLSoft Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004570"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e3004f6f-39ab-11e9-b569-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-767"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201806-0553

    Vulnerability from variot - Updated: 2023-12-18 12:50

    Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability 2. A stack-based buffer-overflow vulnerability 3. Failed attacks will cause denial of service conditions. DOPSoft 4.00.04 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0553",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dopsoft",
            "scope": null,
            "trust": 1.4,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "4.00.04"
          },
          {
            "model": "industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "4.00.04"
          },
          {
            "model": "electronics delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=4.00.04"
          },
          {
            "model": "delta industrial automation dopsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "4.00.04"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.0.4"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.0.1"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.0.5"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.00.04.09"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.00.04.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "delta industrial automation dopsoft",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006534"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-809"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.00.04",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10623"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "b0nd @garage4hackers",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-535"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-10623",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10623",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-10623",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12141",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e3007680-39ab-11e9-b812-000c29342cb1",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-10623",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-10623",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-10623",
                "trust": 1.4,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12141",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-809",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e3007680-39ab-11e9-b812-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006534"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-809"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability\n2. A stack-based buffer-overflow vulnerability\n3. Failed attacks will cause denial of  service conditions. \nDOPSoft 4.00.04 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006534"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1"
          }
        ],
        "trust": 3.87
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10623",
            "trust": 4.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-151-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "104375",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12141",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-809",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006534",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5975",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-537",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5973",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-535",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E3007680-39AB-11E9-B812-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006534"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-809"
          }
        ]
      },
      "id": "VAR-201806-0553",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          }
        ],
        "trust": 1.7285714
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:50:44.571000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Delta Industrial Automation DOPSoft cross-border read vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/132877"
          },
          {
            "title": "Delta Industrial Automation DOPSoft Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81327"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006534"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-809"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006534"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10623"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104375"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10623"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10623"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006534"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-809"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006534"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-809"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1"
          },
          {
            "date": "2018-06-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "date": "2018-06-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-535"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          },
          {
            "date": "2018-05-31T00:00:00",
            "db": "BID",
            "id": "104375"
          },
          {
            "date": "2018-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006534"
          },
          {
            "date": "2018-06-18T19:29:00.293000",
            "db": "NVD",
            "id": "CVE-2018-10623"
          },
          {
            "date": "2018-06-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-809"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "date": "2018-06-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-535"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12141"
          },
          {
            "date": "2018-05-31T00:00:00",
            "db": "BID",
            "id": "104375"
          },
          {
            "date": "2018-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006534"
          },
          {
            "date": "2019-10-09T23:32:56.633000",
            "db": "NVD",
            "id": "CVE-2018-10623"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-809"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-809"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-537"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-535"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e3007680-39ab-11e9-b812-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-809"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201806-0576

    Vulnerability from variot - Updated: 2023-12-18 12:50

    Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability 2. A stack-based buffer-overflow vulnerability 3. Failed attacks will cause denial of service conditions. DOPSoft 4.00.04 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0576",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "4.00.04"
          },
          {
            "model": "industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "4.00.04"
          },
          {
            "model": "dopsoft",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "electronics delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=4.00.04"
          },
          {
            "model": "delta industrial automation dopsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "4.00.04"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.0.4"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.0.1"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.0.5"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.00.04.09"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.00.04.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "delta industrial automation dopsoft",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.00.04",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10617"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "B0nd @garagehackers",
        "sources": [
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2018-10617",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-10617",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10617",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12140",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e3007681-39ab-11e9-9ce6-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-10617",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-10617",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-10617",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12140",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-810",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e3007681-39ab-11e9-9ce6-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer.  An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability\n2. A stack-based buffer-overflow vulnerability\n3. Failed attacks will cause denial of  service conditions. \nDOPSoft 4.00.04 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10617"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "IVD",
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10617",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-151-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "104375",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12140",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-810",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006533",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5974",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-536",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E3007681-39AB-11E9-9CE6-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ]
      },
      "id": "VAR-201806-0576",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          }
        ],
        "trust": 1.7285714
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:50:44.531000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
          },
          {
            "title": "Patch for Delta Industrial Automation DOPSoft Heap Buffer Overflow Vulnerability (CNVD-2018-12140)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/132875"
          },
          {
            "title": "Delta Industrial Automation DOPSoft Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81328"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10617"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104375"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10617"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10617"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "IVD",
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
          },
          {
            "date": "2018-06-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-536"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          },
          {
            "date": "2018-05-31T00:00:00",
            "db": "BID",
            "id": "104375"
          },
          {
            "date": "2018-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          },
          {
            "date": "2018-06-18T19:29:00.217000",
            "db": "NVD",
            "id": "CVE-2018-10617"
          },
          {
            "date": "2018-06-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-536"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12140"
          },
          {
            "date": "2018-05-31T00:00:00",
            "db": "BID",
            "id": "104375"
          },
          {
            "date": "2018-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          },
          {
            "date": "2019-10-09T23:32:55.790000",
            "db": "NVD",
            "id": "CVE-2018-10617"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics Delta Industrial Automation DOPSoft Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006533"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e3007681-39ab-11e9-9ce6-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-810"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201806-0552

    Vulnerability from variot - Updated: 2023-12-18 12:50

    Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability 2. A stack-based buffer-overflow vulnerability 3. Failed attacks will cause denial of service conditions. DOPSoft 4.00.04 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0552",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "4.00.04"
          },
          {
            "model": "industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "4.00.04"
          },
          {
            "model": "dopsoft",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "electronics delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=4.00.04"
          },
          {
            "model": "delta industrial automation dopsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "4.00.04"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.0.4"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.0.1"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.0.5"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.00.04.09"
          },
          {
            "model": "electronics inc dopsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "4.00.04.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "delta industrial automation dopsoft",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006532"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.00.04",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10621"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "B0nd @garagehackers",
        "sources": [
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2018-10621",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-10621",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10621",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12139",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-10621",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-10621",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-10621",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12139",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-811",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006532"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.  An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability\n2. A stack-based buffer-overflow vulnerability\n3. Failed attacks will cause denial of  service conditions. \nDOPSoft 4.00.04 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006532"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10621",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-151-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "104375",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-811",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006532",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6057",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-538",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FF8C21-39AB-11E9-A399-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006532"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ]
      },
      "id": "VAR-201806-0552",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          }
        ],
        "trust": 1.7285714
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:50:44.493000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
          },
          {
            "title": "Delta Industrial Automation DOPSoft Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/132873"
          },
          {
            "title": "Delta Industrial Automation DOPSoft Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81329"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006532"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10621"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104375"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10621"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10621"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006532"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          },
          {
            "db": "BID",
            "id": "104375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006532"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
          },
          {
            "date": "2018-06-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-538"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          },
          {
            "date": "2018-05-31T00:00:00",
            "db": "BID",
            "id": "104375"
          },
          {
            "date": "2018-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006532"
          },
          {
            "date": "2018-06-18T19:29:00.247000",
            "db": "NVD",
            "id": "CVE-2018-10621"
          },
          {
            "date": "2018-06-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-538"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          },
          {
            "date": "2018-05-31T00:00:00",
            "db": "BID",
            "id": "104375"
          },
          {
            "date": "2018-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006532"
          },
          {
            "date": "2019-10-09T23:32:56.353000",
            "db": "NVD",
            "id": "CVE-2018-10621"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation DOPSoft Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12139"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2ff8c21-39ab-11e9-a399-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-811"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201810-0388

    Vulnerability from variot - Updated: 2023-12-18 12:50

    Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. Delta Electronics ISPSoft Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DVP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics ISPSoft is a new generation of Delta PLC programming software from Delta Electronics. A failed attack can result in a denial of service. Failed exploit attempts will likely cause a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0388",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ispsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "3.0.5"
          },
          {
            "model": "ispsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "3.0.5"
          },
          {
            "model": "ispsoft",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "electronics ispsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=3.0.5"
          },
          {
            "model": "ispsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "3.05"
          },
          {
            "model": "electronics inc ispsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "3.0.5"
          },
          {
            "model": "electronics inc ispsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "3.02.11"
          },
          {
            "model": "electronics inc ispsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "3.0"
          },
          {
            "model": "electronics inc ispsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "3.0.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ispsoft",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1139"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          },
          {
            "db": "BID",
            "id": "105485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011166"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14800"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-100"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:ispsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14800"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ariele Caltabiano (kimiya)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1139"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-14800",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-14800",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 1.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-32234",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14800",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-14800",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-14800",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-32234",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-100",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1139"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011166"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14800"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-100"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. Delta Electronics ISPSoft Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DVP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics ISPSoft is a new generation of Delta PLC programming software from Delta Electronics. A failed attack can result in a denial of service. Failed exploit attempts will likely cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14800"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011166"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1139"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          },
          {
            "db": "BID",
            "id": "105485"
          },
          {
            "db": "IVD",
            "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14800",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-275-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "105485",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-100",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011166",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6367",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1139",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "A0AD6541-A14B-4DEA-A482-1E6B57C9EDC0",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1139"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          },
          {
            "db": "BID",
            "id": "105485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011166"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14800"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-100"
          }
        ]
      },
      "id": "VAR-201810-0388",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          }
        ],
        "trust": 1.5305555533333335
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:50:33.921000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-275-01"
          },
          {
            "title": "Patch for Delta Electronics ISPSoft Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/181347"
          },
          {
            "title": "Delta Electronics ISPSoft Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86141"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1139"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-100"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011166"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14800"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-275-01"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/105485"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14800"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14800"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1139"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          },
          {
            "db": "BID",
            "id": "105485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011166"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14800"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-100"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1139"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          },
          {
            "db": "BID",
            "id": "105485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011166"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14800"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-100"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-09-20T00:00:00",
            "db": "IVD",
            "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
          },
          {
            "date": "2018-10-10T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1139"
          },
          {
            "date": "2019-09-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          },
          {
            "date": "2018-10-02T00:00:00",
            "db": "BID",
            "id": "105485"
          },
          {
            "date": "2019-01-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011166"
          },
          {
            "date": "2018-10-03T13:29:00.243000",
            "db": "NVD",
            "id": "CVE-2018-14800"
          },
          {
            "date": "2018-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-100"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-10T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1139"
          },
          {
            "date": "2019-09-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          },
          {
            "date": "2018-10-02T00:00:00",
            "db": "BID",
            "id": "105485"
          },
          {
            "date": "2019-01-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011166"
          },
          {
            "date": "2019-10-09T23:35:14.170000",
            "db": "NVD",
            "id": "CVE-2018-14800"
          },
          {
            "date": "2019-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-100"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-100"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics ISPSoft Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32234"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-100"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202101-0356

    Vulnerability from variot - Updated: 2023-12-18 12:49

    Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics Provides HMI Related product DOPSoft and CNCSoft ScreenEditor The following multiple vulnerabilities exist in. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0356",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dopsoft",
            "scope": null,
            "trust": 5.6,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "dopsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "4.0.8.21"
          },
          {
            "model": "cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "version 1.01.26"
          },
          {
            "model": "dopsoft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "version 4.0.8.21"
          },
          {
            "model": "electronics dopsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=4.0.8.21"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-029"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-028"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27275"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.0.8.21",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27275"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-029"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-028"
          }
        ],
        "trust": 5.6
      },
      "cve": "CVE-2020-27275",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-04430",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-27275",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 5.6,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-001001",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 2.4,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2020-27275",
                "trust": 5.6,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2021-001001",
                "trust": 2.4,
                "value": "High"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-27275",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-04430",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-255",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-029"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-028"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-255"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics Provides HMI Related product DOPSoft and CNCSoft ScreenEditor The following multiple vulnerabilities exist in. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-029"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-028"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          }
        ],
        "trust": 7.2
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-27275",
            "trust": 8.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-005-05",
            "trust": 3.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-038",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-037",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-036",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-035",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-034",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-032",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-029",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-028",
            "trust": 2.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-005-06",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU91044574",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11662",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11660",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11666",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11658",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11664",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11661",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11645",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11644",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04430",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0045",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-255",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-029"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-028"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-255"
          }
        ]
      },
      "id": "VAR-202101-0356",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:49:22.312000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "",
            "trust": 5.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05"
          },
          {
            "title": "CNCSoft - Delta | Download Center",
            "trust": 0.8,
            "url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026cid=06\u0026itemid=060202\u0026datatype=8"
          },
          {
            "title": "DOPSoft - Delta | Download Center",
            "trust": 0.8,
            "url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026cid=06\u0026itemid=060302\u0026datatype=8\u0026q=dopsoft"
          },
          {
            "title": "Patch for DOPSoft out-of-bounds write vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/244816"
          },
          {
            "title": "Delta Electronics Industrial Automation DOPSoft Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138909"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-029"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-028"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-255"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-121",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-822",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27275"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 9.2,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-028/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-029/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-032/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-034/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-035/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-036/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-037/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-038/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27275"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27277"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27281"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu91044574"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0045/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27275"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-029"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-028"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-255"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-029"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-028"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-255"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-029"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-028"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          },
          {
            "date": "2021-01-07T07:38:37",
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "date": "2021-01-11T16:15:15.147000",
            "db": "NVD",
            "id": "CVE-2020-27275"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-255"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-029"
          },
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-028"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-04430"
          },
          {
            "date": "2021-01-07T07:38:37",
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "date": "2021-03-09T16:08:17.430000",
            "db": "NVD",
            "id": "CVE-2020-27275"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-255"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-255"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-038"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-037"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-034"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-032"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-029"
          }
        ],
        "trust": 4.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-255"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0358

    Vulnerability from variot - Updated: 2023-12-18 12:49

    Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics Provides HMI Related product DOPSoft and CNCSoft ScreenEditor The following multiple vulnerabilities exist in. DOPSoft ‥ * Out-of-bounds writing (CWE-787) - CVE-2020-27275 ‥ * Untrusted pointer reference (CWE-822) - CVE-2020-27277 CNCSoft ScreenEditor ‥ * Buffer overflow (CWE-121) - CVE-2020-27281Both vulnerabilities could allow arbitrary code to be executed by processing a specially crafted project file. This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0358",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dopsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "4.0.8.21"
          },
          {
            "model": "cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "version 1.01.26"
          },
          {
            "model": "dopsoft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "version 4.0.8.21"
          },
          {
            "model": "dopsoft",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "electronics dopsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=4.0.8.21"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-033"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27277"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.0.8.21",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27277"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-033"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-27277",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-04429",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-27277",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-001001",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 2.4,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-27277",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2021-001001",
                "trust": 2.4,
                "value": "High"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-27277",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-27277",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-04429",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-254",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-27277",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-033"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-254"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics Provides HMI Related product DOPSoft and CNCSoft ScreenEditor The following multiple vulnerabilities exist in. DOPSoft \u2025 * Out-of-bounds writing (CWE-787) - CVE-2020-27275 \u2025 * Untrusted pointer reference (CWE-822) - CVE-2020-27277 CNCSoft ScreenEditor \u2025 * Buffer overflow (CWE-121) - CVE-2020-27281Both vulnerabilities could allow arbitrary code to be executed by processing a specially crafted project file. This vulnerability allows remote atackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of XLS files.  The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer.  An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-033"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27277"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-27277",
            "trust": 3.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-005-05",
            "trust": 3.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-033",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-005-06",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU91044574",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11663",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04429",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0045",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-254",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27277",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-033"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-254"
          }
        ]
      },
      "id": "VAR-202101-0358",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:49:22.274000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CNCSoft - Delta | Download Center",
            "trust": 0.8,
            "url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026cid=06\u0026itemid=060202\u0026datatype=8"
          },
          {
            "title": "DOPSoft - Delta | Download Center",
            "trust": 0.8,
            "url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026cid=06\u0026itemid=060302\u0026datatype=8\u0026q=dopsoft"
          },
          {
            "title": "",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05"
          },
          {
            "title": "Patch for DOPSoft Null Pointer Dereference Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/244813"
          },
          {
            "title": "Delta Electronics Industrial Automation DOPSoft Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=139261"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-033"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-254"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-787",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-822",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27277"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-033/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27275"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27277"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27281"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu91044574"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0045/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27277"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/476.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-033"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-254"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-033"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-254"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-033"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          },
          {
            "date": "2021-01-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27277"
          },
          {
            "date": "2021-01-07T07:38:37",
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "date": "2021-01-11T16:15:15.243000",
            "db": "NVD",
            "id": "CVE-2020-27277"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-254"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-033"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-04429"
          },
          {
            "date": "2021-03-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27277"
          },
          {
            "date": "2021-01-07T07:38:37",
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          },
          {
            "date": "2021-03-09T16:07:50.883000",
            "db": "NVD",
            "id": "CVE-2020-27277"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-254"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-254"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics Made  HMI Multiple vulnerabilities in software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001001"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-254"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-0865

    Vulnerability from variot - Updated: 2023-12-18 12:43

    In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. Delta Industrial Automation DOPSoft Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Industrial Automation DOPSoft is a set of human-machine interface (HMI) software from Taiwan's Delta Electronics (Delta Electronics) company. The vulnerability originated when the network system or product performed operations on the memory, and the data boundary was not correctly verified, resulting in an incorrect execution of the associated other memory location. For read and write operations, an attacker can use this vulnerability to cause a buffer overflow or heap overflow

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0865",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dopsoft",
            "scope": null,
            "trust": 3.5,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "4.00.06.15"
          },
          {
            "model": "industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "4.00.06.15"
          },
          {
            "model": "electronics delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=4.00.06.15"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-721"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008435"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13513"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.00.06.15",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13513"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya of 9SG Security Team - kimiya@9sgsec.com",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-721"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-939"
          }
        ],
        "trust": 4.1
      },
      "cve": "CVE-2019-13513",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-13513",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-17022",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-13513",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 3.5,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-13513",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2019-13513",
                "trust": 3.5,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-13513",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17022",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-939",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-721"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008435"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-939"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. Delta Industrial Automation DOPSoft Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Industrial Automation DOPSoft is a set of human-machine interface (HMI) software from Taiwan\u0027s Delta Electronics (Delta Electronics) company. The vulnerability originated when the network system or product performed operations on the memory, and the data boundary was not correctly verified, resulting in an incorrect execution of the associated other memory location. For read and write operations, an attacker can use this vulnerability to cause a buffer overflow or heap overflow",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13513"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008435"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-721"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          }
        ],
        "trust": 5.31
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-13513",
            "trust": 6.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-225-01",
            "trust": 3.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-722",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-720",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-718",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-719",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-721",
            "trust": 2.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008435",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8282",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8253",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8251",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8252",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8254",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17022",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3104",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-939",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-721"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008435"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-939"
          }
        ]
      },
      "id": "VAR-201908-0865",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          }
        ],
        "trust": 1.5285714000000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:43:23.774000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-225-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Patch for Delta Industrial Automation DOPSoft buffer overflow vulnerability (CNVD-2020-17022)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/208771"
          },
          {
            "title": "Delta Industrial Automation DOPSoft Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96622"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-721"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008435"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-939"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008435"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13513"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 7.1,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-225-01"
          },
          {
            "trust": 2.2,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-722/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-718/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-719/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-720/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-721/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13513"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13513"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3104/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-721"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008435"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-939"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-721"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008435"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-939"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-721"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          },
          {
            "date": "2019-08-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008435"
          },
          {
            "date": "2019-08-15T19:15:11.090000",
            "db": "NVD",
            "id": "CVE-2019-13513"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-939"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-721"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17022"
          },
          {
            "date": "2019-08-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008435"
          },
          {
            "date": "2023-03-03T19:35:44.467000",
            "db": "NVD",
            "id": "CVE-2019-13513"
          },
          {
            "date": "2019-09-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-939"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-939"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-722"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-720"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-718"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-719"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-721"
          }
        ],
        "trust": 3.5
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-939"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-0866

    Vulnerability from variot - Updated: 2023-12-18 12:43

    In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. Delta Industrial Automation DOPSoft Contains a vulnerability in the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Industrial Automation DOPSoft is a set of human-machine interface (HMI) software from Taiwan's Delta Electronics (Delta Electronics) company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0866",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "4.00.06.15"
          },
          {
            "model": "industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "4.00.06.15"
          },
          {
            "model": "dopsoft",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "electronics delta industrial automation dopsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=4.00.06.15"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-717"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008309"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13514"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:delta_industrial_automation_dopsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.00.06.15",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13514"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya of 9SG Security Team - kimiya@9sgsec.com",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-717"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2019-13514",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-13514",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-17023",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-13514",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-13514",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-13514",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2019-13514",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17023",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-1052",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-13514",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-717"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13514"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008309"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1052"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. Delta Industrial Automation DOPSoft Contains a vulnerability in the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Industrial Automation DOPSoft is a set of human-machine interface (HMI) software from Taiwan\u0027s Delta Electronics (Delta Electronics) company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13514"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008309"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-717"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13514"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-13514",
            "trust": 3.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-225-01",
            "trust": 3.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-717",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008309",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8250",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3104",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1052",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13514",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-717"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13514"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008309"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1052"
          }
        ]
      },
      "id": "VAR-201908-0866",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          }
        ],
        "trust": 1.5285714000000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:43:23.739000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-225-01"
          },
          {
            "title": "Patch for Delta Electronics Industrial Automation DOPSoft Resource Management Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/208773"
          },
          {
            "title": "Delta Industrial Automation DOPSoft Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96729"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-717"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008309"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1052"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008309"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13514"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-225-01"
          },
          {
            "trust": 1.7,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-717/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13514"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13514"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3104/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/416.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165328"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-717"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13514"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008309"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1052"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-19-717"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13514"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008309"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1052"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-717"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          },
          {
            "date": "2019-08-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-13514"
          },
          {
            "date": "2019-08-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008309"
          },
          {
            "date": "2019-08-15T19:15:11.153000",
            "db": "NVD",
            "id": "CVE-2019-13514"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1052"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-717"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-13514"
          },
          {
            "date": "2019-08-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008309"
          },
          {
            "date": "2023-03-03T19:25:54.057000",
            "db": "NVD",
            "id": "CVE-2019-13514"
          },
          {
            "date": "2019-09-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1052"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1052"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics Industrial Automation DOPSoft Resource Management Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1052"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1052"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0158

    Vulnerability from variot - Updated: 2023-12-18 12:28

    Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0158",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "delta industrial automation pmsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "2.11"
          },
          {
            "model": "industrial automation pmsoft",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "2.11"
          },
          {
            "model": "pmsoft",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "delta industrial automation pmsoft",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "deltaww",
            "version": "2.11"
          },
          {
            "model": "electronics inc pmsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.11"
          },
          {
            "model": "electronics inc pmsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.10.10"
          },
          {
            "model": "electronics inc pmsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.10"
          },
          {
            "model": "electronics inc pmsoft",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.0"
          },
          {
            "model": "electronics inc pmsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.12"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1093"
          },
          {
            "db": "BID",
            "id": "105409"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14824"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-1220"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:delta_industrial_automation_pmsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.11",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14824"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mat Powell of Trend Micro Zero Day Initiative",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1093"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-14824",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-14824",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 1.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14824",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-14824",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-14824",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-1220",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1093"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14824"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-1220"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. \nAn attacker can exploit this issue to obtain sensitive information that may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14824"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1093"
          },
          {
            "db": "BID",
            "id": "105409"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14824",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-270-04",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "105409",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012400",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6322",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1093",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-1220",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1093"
          },
          {
            "db": "BID",
            "id": "105409"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14824"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-1220"
          }
        ]
      },
      "id": "VAR-201809-0158",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.7875
      },
      "last_update_date": "2023-12-18T12:28:34.927000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Customer Service",
            "trust": 0.8,
            "url": "http://www.deltaww.com/services/downloadcenter2.aspx?secid=8\u0026pid=2\u0026tid=0\u0026cid=06\u0026itemid=060301\u0026typeid=1\u0026downloadid=,\u0026title=--%20select%20product%20series%20--\u0026datatype=8;\u0026check=1\u0026hl=en-us"
          },
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-270-04"
          },
          {
            "title": "Delta Electronics Delta Industrial Automation PMSoft Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85236"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1093"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-1220"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14824"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-270-04"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105409"
          },
          {
            "trust": 1.0,
            "url": "http://www.deltaww.com/services/downloadcenter2.aspx?secid=8\u0026pid=2\u0026tid=0\u0026cid=06\u0026itemid=060301\u0026typeid=1\u0026downloadid=%2c\u0026title=--%20select%20product%20series%20--\u0026datatype=8%3b\u0026check=1\u0026hl=en-us"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14824"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14824"
          },
          {
            "trust": 0.6,
            "url": "http://www.deltaww.com/services/downloadcenter2.aspx?secid=8\u0026pid=2\u0026tid=0\u0026cid=06\u0026itemid=060301\u0026typeid=1\u0026downloadid="
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1093"
          },
          {
            "db": "BID",
            "id": "105409"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14824"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-1220"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1093"
          },
          {
            "db": "BID",
            "id": "105409"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14824"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-1220"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1093"
          },
          {
            "date": "2018-09-27T00:00:00",
            "db": "BID",
            "id": "105409"
          },
          {
            "date": "2019-02-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          },
          {
            "date": "2018-09-27T20:29:00.430000",
            "db": "NVD",
            "id": "CVE-2018-14824"
          },
          {
            "date": "2018-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-1220"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1093"
          },
          {
            "date": "2018-09-27T00:00:00",
            "db": "BID",
            "id": "105409"
          },
          {
            "date": "2019-02-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          },
          {
            "date": "2023-11-07T02:53:02.273000",
            "db": "NVD",
            "id": "CVE-2018-14824"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-1220"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-1220"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Electronics Delta Industrial Automation PMSoft Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012400"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-1220"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201904-1021

    Vulnerability from variot - Updated: 2023-12-18 12:28

    Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. Delta CNCSoft ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files. An attacker can leverage this vulnerability to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities 3

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1021",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cncsoft screeneditor",
            "scope": null,
            "trust": 1.4,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "cncsoft screeneditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.00.88"
          },
          {
            "model": "screeneditor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.88"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.88"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.84"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.89"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-408"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-405"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10951"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:cncsoft_screeneditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00.88",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10951"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natnael Samson(@NattiSamson",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-408"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2019-10951",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-10951",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-10951",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-10951",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-10951",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2019-10951",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-791",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-408"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-791"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. Delta CNCSoft ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files. An attacker can leverage this vulnerability to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities\n3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-408"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-405"
          },
          {
            "db": "BID",
            "id": "107989"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10951",
            "trust": 4.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-106-01",
            "trust": 2.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-408",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-405",
            "trust": 2.3
          },
          {
            "db": "BID",
            "id": "107989",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003485",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7831",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7813",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1319",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-791",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-408"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-405"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-791"
          }
        ]
      },
      "id": "VAR-201904-1021",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3
      },
      "last_update_date": "2023-12-18T12:28:23.514000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.deltaww.com/"
          },
          {
            "title": "Delta Electronics Delta Industrial Automation CNCSoft ScreenEditor Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91587"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-408"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-791"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10951"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-01"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/107989"
          },
          {
            "trust": 2.2,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-408/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-405/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10951"
          },
          {
            "trust": 0.9,
            "url": "http://www.deltaww.com/services/downloadcenter2.aspx?secid=8\u0026pid=2\u0026tid=0\u0026cid=06\u0026itemid=060202\u0026typeid=1\u0026downloadid=\u0026title=\u0026datatype=8;\u0026check=1\u0026hl=en-us"
          },
          {
            "trust": 0.9,
            "url": "http://www.deltaww.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10951"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/79202"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-408"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-405"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-791"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-19-408"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-405"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-791"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-408"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-405"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "BID",
            "id": "107989"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          },
          {
            "date": "2019-04-17T15:29:00.813000",
            "db": "NVD",
            "id": "CVE-2019-10951"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-791"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-408"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-405"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "BID",
            "id": "107989"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          },
          {
            "date": "2020-10-02T14:43:54.363000",
            "db": "NVD",
            "id": "CVE-2019-10951"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-791"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-791"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta CNCSoft ScreenEditor Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003485"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-791"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201904-1017

    Vulnerability from variot - Updated: 2023-12-18 12:28

    Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack. Delta CNCSoft ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. When parsing the wTextLen element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities 3

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1017",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cncsoft screeneditor",
            "scope": null,
            "trust": 4.2,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "cncsoft",
            "scope": null,
            "trust": 1.4,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "cncsoft screeneditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.00.88"
          },
          {
            "model": "screeneditor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.88"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.88"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.84"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.89"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-410"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-417"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-403"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003483"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10947"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:cncsoft_screeneditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00.88",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10947"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natnael Samson (@NattiSamson)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-410"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-417"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-403"
          }
        ],
        "trust": 5.6
      },
      "cve": "CVE-2019-10947",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-10947",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-10947",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 5.6,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-10947",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2019-10947",
                "trust": 5.6,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-10947",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-797",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-410"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-417"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003483"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10947"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-797"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack. Delta CNCSoft ScreenEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DPB files. When parsing the wTextLen element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the Administrator. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities\n3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003483"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-410"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-417"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-403"
          },
          {
            "db": "BID",
            "id": "107989"
          }
        ],
        "trust": 6.93
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10947",
            "trust": 8.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-106-01",
            "trust": 2.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-399",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-401",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-402",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-410",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-404",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-417",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-400",
            "trust": 2.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-403",
            "trust": 2.3
          },
          {
            "db": "BID",
            "id": "107989",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003483",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7807",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7809",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7810",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7823",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7812",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7946",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7808",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7811",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1319",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-797",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-410"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-417"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-403"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003483"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10947"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-797"
          }
        ]
      },
      "id": "VAR-201904-1017",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3
      },
      "last_update_date": "2023-12-18T12:28:23.452000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 5.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.deltaww.com/"
          },
          {
            "title": "Delta Electronics Delta Industrial Automation CNCSoft ScreenEditor Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91593"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-410"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-417"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003483"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10947"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 8.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-01"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/107989"
          },
          {
            "trust": 2.2,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-417/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-399/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-400/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-401/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-402/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-403/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-404/"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-410/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10947"
          },
          {
            "trust": 0.9,
            "url": "http://www.deltaww.com/services/downloadcenter2.aspx?secid=8\u0026pid=2\u0026tid=0\u0026cid=06\u0026itemid=060202\u0026typeid=1\u0026downloadid=\u0026title=\u0026datatype=8;\u0026check=1\u0026hl=en-us"
          },
          {
            "trust": 0.9,
            "url": "http://www.deltaww.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10947"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/79202"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-410"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-417"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-403"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003483"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10947"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-797"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-19-399"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-410"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-404"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-417"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-403"
          },
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003483"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10947"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-797"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-399"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-402"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-410"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-404"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-417"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-403"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "BID",
            "id": "107989"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003483"
          },
          {
            "date": "2019-04-17T15:29:00.750000",
            "db": "NVD",
            "id": "CVE-2019-10947"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-797"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-399"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-402"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-410"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-404"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-417"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-403"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "BID",
            "id": "107989"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003483"
          },
          {
            "date": "2020-10-02T14:44:09.410000",
            "db": "NVD",
            "id": "CVE-2019-10947"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-797"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "107989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-797"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing wMessageLen Stack-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-401"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-400"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-403"
          }
        ],
        "trust": 2.1
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-797"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201902-0133

    Vulnerability from variot - Updated: 2023-12-18 12:28

    Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files. CNCSoft ScreenEditor Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0133",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "screeneditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.00.84"
          },
          {
            "model": "screeneditor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.84"
          },
          {
            "model": "cncsoft",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.0.84"
          },
          {
            "model": "electronics inc cncsoft screeneditor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.1.15"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-225"
          },
          {
            "db": "BID",
            "id": "107086"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6547"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:screeneditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00.84",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6547"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natnael Samson(@NattiSamson)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-225"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2019-6547",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-6547",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-6547",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-6547",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-6547",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2019-6547",
                "trust": 0.7,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201902-742",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-225"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6547"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-742"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files. CNCSoft ScreenEditor Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. \nRemote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-225"
          },
          {
            "db": "BID",
            "id": "107086"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6547",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-050-02",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "107086",
            "trust": 1.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-225",
            "trust": 1.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002116",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7772",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0519",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "43676",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-742",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-106-01",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-225"
          },
          {
            "db": "BID",
            "id": "107086"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6547"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-742"
          }
        ]
      },
      "id": "VAR-201902-0133",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3
      },
      "last_update_date": "2023-12-18T12:28:23.339000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Pade",
            "trust": 0.8,
            "url": "https://www.deltaww.com/"
          },
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-050-02"
          },
          {
            "title": "Delta Industrial Automation CNCSoft Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89543"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-225"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-742"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6547"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-050-02"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/107086"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6547"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6547"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-225/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/43676"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/75826"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/services/downloadcenter2.aspx?secid=8\u0026pid=2\u0026tid=0\u0026cid=06\u0026itemid=060202\u0026typeid=1\u0026downloadid=\u0026title=\u0026datatype=8;\u0026check=1\u0026hl=en-us"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-225"
          },
          {
            "db": "BID",
            "id": "107086"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6547"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-742"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-19-225"
          },
          {
            "db": "BID",
            "id": "107086"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6547"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-742"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-20T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-225"
          },
          {
            "date": "2019-02-19T00:00:00",
            "db": "BID",
            "id": "107086"
          },
          {
            "date": "2019-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          },
          {
            "date": "2019-02-28T21:29:00.250000",
            "db": "NVD",
            "id": "CVE-2019-6547"
          },
          {
            "date": "2019-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201902-742"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-20T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-225"
          },
          {
            "date": "2019-02-19T00:00:00",
            "db": "BID",
            "id": "107086"
          },
          {
            "date": "2019-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          },
          {
            "date": "2022-11-30T22:12:11.990000",
            "db": "NVD",
            "id": "CVE-2019-6547"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201902-742"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-742"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CNCSoft ScreenEditor Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002116"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-742"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0366

    Vulnerability from variot - Updated: 2023-12-18 12:27

    An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. Delta Electronics The following vulnerabilities exist in multiple products provided by the company. ‥ * Use of freed memory (Use-after-free) (CWE-416) - CVE-2020-27280 ‥ * Untrusted pointer reference (CWE-822) - CVE-2020-27288 ‥ * Out-of-bounds writing (CWE-787) - CVE-2020-27284Both vulnerabilities could allow arbitrary code to be executed with application privileges by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TPE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0366",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tpeditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.98"
          },
          {
            "model": "ispsoft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "v3.12  - cve-2020-27280"
          },
          {
            "model": "tpeditor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "v1.98  - cve-2020-27284\u3001cve-2020-27288"
          },
          {
            "model": "tpeditor",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27288"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:tpeditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.98",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27288"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-080"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-27288",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-27288",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-001012",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 2.4,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-27288",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2021-001012",
                "trust": 2.4,
                "value": "High"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-27288",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-27288",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1641",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-27288",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-080"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27288"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27288"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1641"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. Delta Electronics The following vulnerabilities exist in multiple products provided by the company. \u2025 * Use of freed memory (Use-after-free) (CWE-416) - CVE-2020-27280 \u2025 * Untrusted pointer reference (CWE-822) - CVE-2020-27288 \u2025 * Out-of-bounds writing (CWE-787) - CVE-2020-27284Both vulnerabilities could allow arbitrary code to be executed with application privileges by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TPE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27288"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-080"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27288"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-27288",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-021-02",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU95339074",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-021-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11714",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-080",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0259",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1641",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27288",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-080"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27288"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27288"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1641"
          }
        ]
      },
      "id": "VAR-202101-0366",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.44166666
      },
      "last_update_date": "2023-12-18T12:27:04.295000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Download Center (TPEditor)",
            "trust": 0.8,
            "url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026cid=06\u0026itemid=060302\u0026datatype=8\u0026q=tpeditor"
          },
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-02"
          },
          {
            "title": "Delta Electronics TPEditor Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140009"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1641"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-416",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-822",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27288"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27280"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27284"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27288"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu95339074"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27288"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0259/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-080"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27288"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27288"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1641"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-080"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27288"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27288"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1641"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-080"
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27288"
          },
          {
            "date": "2021-01-25T07:03:55",
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "date": "2021-01-26T18:15:45.927000",
            "db": "NVD",
            "id": "CVE-2020-27288"
          },
          {
            "date": "2021-01-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1641"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-080"
          },
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27288"
          },
          {
            "date": "2021-01-25T07:03:55",
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "date": "2021-01-29T15:39:06.963000",
            "db": "NVD",
            "id": "CVE-2020-27288"
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1641"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1641"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Delta Electronics Product vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1641"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0363

    Vulnerability from variot - Updated: 2023-12-18 12:27

    TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. Delta Electronics The following vulnerabilities exist in multiple products provided by the company. ‥ * Use of freed memory (Use-after-free) (CWE-416) - CVE-2020-27280 ‥ * Untrusted pointer reference (CWE-822) - CVE-2020-27288 ‥ * Out-of-bounds writing (CWE-787) - CVE-2020-27284Both vulnerabilities could allow arbitrary code to be executed with application privileges by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TPE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0363",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tpeditor",
            "scope": null,
            "trust": 1.4,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "tpeditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.98"
          },
          {
            "model": "ispsoft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "v3.12  - cve-2020-27280"
          },
          {
            "model": "tpeditor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "v1.98  - cve-2020-27284\u3001cve-2020-27288"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27284"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:tpeditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.98",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27284"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-081"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2020-27284",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-27284",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-001012",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 2.4,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-27284",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2021-001012",
                "trust": 2.4,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-27284",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-27284",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1638",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-27284",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27284"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27284"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1638"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. Delta Electronics The following vulnerabilities exist in multiple products provided by the company. \u2025 * Use of freed memory (Use-after-free) (CWE-416) - CVE-2020-27280 \u2025 * Untrusted pointer reference (CWE-822) - CVE-2020-27288 \u2025 * Out-of-bounds writing (CWE-787) - CVE-2020-27284Both vulnerabilities could allow arbitrary code to be executed with application privileges by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TPE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27284"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27284"
          }
        ],
        "trust": 2.97
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-27284",
            "trust": 3.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-021-02",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU95339074",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-021-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11758",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-082",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11757",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-081",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0259",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1638",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27284",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27284"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27284"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1638"
          }
        ]
      },
      "id": "VAR-202101-0363",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.44166666
      },
      "last_update_date": "2023-12-18T12:27:04.255000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-02"
          },
          {
            "title": "Download Center (TPEditor)",
            "trust": 0.8,
            "url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026cid=06\u0026itemid=060302\u0026datatype=8\u0026q=tpeditor"
          },
          {
            "title": "Delta Electronics TPEditor Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140006"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1638"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-416",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-822",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27284"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.9,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27280"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27284"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27288"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu95339074"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27284"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0259/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195474"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27284"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27284"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1638"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27284"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27284"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1638"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "date": "2021-01-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-081"
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27284"
          },
          {
            "date": "2021-01-25T07:03:55",
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "date": "2021-01-26T18:15:45.863000",
            "db": "NVD",
            "id": "CVE-2020-27284"
          },
          {
            "date": "2021-01-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1638"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "date": "2021-01-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-081"
          },
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27284"
          },
          {
            "date": "2021-01-25T07:03:55",
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "date": "2021-01-29T15:29:15.850000",
            "db": "NVD",
            "id": "CVE-2020-27284"
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1638"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1638"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-082"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-081"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1638"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0360

    Vulnerability from variot - Updated: 2023-12-18 12:27

    A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution. Delta Electronics The following vulnerabilities exist in multiple products provided by the company. ‥ * Use of freed memory (Use-after-free) (CWE-416) - CVE-2020-27280 ‥ * Untrusted pointer reference (CWE-822) - CVE-2020-27288 ‥ * Out-of-bounds writing (CWE-787) - CVE-2020-27284Both vulnerabilities could allow arbitrary code to be executed with application privileges by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ISP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics ISPSoft is a set of PLC (Programmable Logic Controller) programming software of Delta Electronics, Taiwan, China.

    Delta Electronics ISPSoft v3.12 and prior has an access control error vulnerability, which is caused by the network system or product improperly restricting access to resources from unauthorized roles

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0360",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ispsoft",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "3.12"
          },
          {
            "model": "ispsoft",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "v3.12  - cve-2020-27280"
          },
          {
            "model": "tpeditor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "v1.98  - cve-2020-27284\u3001cve-2020-27288"
          },
          {
            "model": "ispsoft",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "electronics ispsoft",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=v3.12"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-079"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27280"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:ispsoft:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.12",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27280"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Francis Provencher {PRL}",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-079"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-27280",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-05447",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-27280",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-001012",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 2.4,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-27280",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2021-001012",
                "trust": 2.4,
                "value": "High"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-27280",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-27280",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-05447",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1642",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-27280",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-079"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1642"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution. Delta Electronics The following vulnerabilities exist in multiple products provided by the company. \u2025 * Use of freed memory (Use-after-free) (CWE-416) - CVE-2020-27280 \u2025 * Untrusted pointer reference (CWE-822) - CVE-2020-27288 \u2025 * Out-of-bounds writing (CWE-787) - CVE-2020-27284Both vulnerabilities could allow arbitrary code to be executed with application privileges by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ISP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics ISPSoft is a set of PLC (Programmable Logic Controller) programming software of Delta Electronics, Taiwan, China. \n\r\n\r\nDelta Electronics ISPSoft v3.12 and prior has an access control error vulnerability, which is caused by the network system or product improperly restricting access to resources from unauthorized roles",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-079"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27280"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-27280",
            "trust": 3.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-021-01",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU95339074",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-021-02",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11489",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-079",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-05447",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0258",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1642",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27280",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-079"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1642"
          }
        ]
      },
      "id": "VAR-202101-0360",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          }
        ],
        "trust": 1.3208333300000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:27:04.221000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Download Center (TPEditor)",
            "trust": 0.8,
            "url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026cid=06\u0026itemid=060302\u0026datatype=8\u0026q=tpeditor"
          },
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
          },
          {
            "title": "Patch for Delta Electronics ISPSoft access control error vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/248981"
          },
          {
            "title": "Delta Electronics ISPSoft Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=139893"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-079"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1642"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-787",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-822",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27280"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27280"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27284"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27288"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-02"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu95339074"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27280"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0258/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/416.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195495"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-079"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1642"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-079"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1642"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-079"
          },
          {
            "date": "2021-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27280"
          },
          {
            "date": "2021-01-25T07:03:55",
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "date": "2021-01-26T18:15:45.803000",
            "db": "NVD",
            "id": "CVE-2020-27280"
          },
          {
            "date": "2021-01-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1642"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-079"
          },
          {
            "date": "2021-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-05447"
          },
          {
            "date": "2021-02-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27280"
          },
          {
            "date": "2021-01-25T07:03:55",
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          },
          {
            "date": "2021-02-02T18:33:39.907000",
            "db": "NVD",
            "id": "CVE-2020-27280"
          },
          {
            "date": "2021-02-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1642"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1642"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Delta Electronics Product vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-001012"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1642"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0421

    Vulnerability from variot - Updated: 2023-12-18 12:20

    An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a dvp file. A malformed dvp file can cause heap corruption and the BorrlndmmSysGetMem function will write to an arbitrary memory location in the user process. A remote attacker could leverage this vulnerability to execute arbitrary code in the context of the process. The process does not properly validate user-supplied data which can result in a write past the end of an allocated buffer. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0421",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wplsoft",
            "scope": null,
            "trust": 2.8,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "wplsoft",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "ispsoft",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "pmsoft",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "delta",
            "version": null
          },
          {
            "model": "electronics inc ispsoft",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "delta",
            "version": "3.0"
          },
          {
            "model": "electronics inc pmsoft",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "delta",
            "version": "2.0"
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "delta",
            "version": "2.0"
          },
          {
            "model": "ispsoft",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "delta",
            "version": "3.02.11"
          },
          {
            "model": "pmsoft",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "delta",
            "version": "2.10.10"
          },
          {
            "model": "wplsoft",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "delta",
            "version": "2.42.11"
          },
          {
            "model": "pmsoft",
            "scope": null,
            "trust": 0.7,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "ispsoft",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pmsoft",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "wplsoft",
            "version": null
          },
          {
            "model": "electronics inc wplsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.42.11"
          },
          {
            "model": "electronics inc pmsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "2.10.10"
          },
          {
            "model": "electronics inc ispsoft",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "3.02.11"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "369617cd-e442-4f7b-852f-d167d53a3ae8"
          },
          {
            "db": "IVD",
            "id": "e2ff3e00-39ab-11e9-baf6-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-660"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-646"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-647"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-652"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-663"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          },
          {
            "db": "BID",
            "id": "94887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-510"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:delta_electronics:pmsoft:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:delta_electronics:wplsoft:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:delta_electronics:ispsoft:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5802"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "axt",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-660"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-647"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-652"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-663"
          }
        ],
        "trust": 2.8
      },
      "cve": "CVE-2016-5802",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-5802",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 2.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5802",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-12682",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "369617cd-e442-4f7b-852f-d167d53a3ae8",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2ff3e00-39ab-11e9-baf6-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-94621",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-5802",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2016-5802",
                "trust": 2.1,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5802",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2016-5802",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-12682",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201612-510",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "369617cd-e442-4f7b-852f-d167d53a3ae8",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e2ff3e00-39ab-11e9-baf6-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94621",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "369617cd-e442-4f7b-852f-d167d53a3ae8"
          },
          {
            "db": "IVD",
            "id": "e2ff3e00-39ab-11e9-baf6-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-660"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-646"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-647"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-652"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-663"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-510"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of a dvp file.  A malformed dvp file can cause heap corruption and the BorrlndmmSysGetMem function will write to an arbitrary memory location in the user process.  A remote attacker could leverage this vulnerability to execute arbitrary code in the context of the process.  The process does not properly validate user-supplied data which can result in a write past the end of an allocated buffer. Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5802"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-660"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-646"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-647"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-652"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-663"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          },
          {
            "db": "BID",
            "id": "94887"
          },
          {
            "db": "IVD",
            "id": "369617cd-e442-4f7b-852f-d167d53a3ae8"
          },
          {
            "db": "IVD",
            "id": "e2ff3e00-39ab-11e9-baf6-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94621"
          }
        ],
        "trust": 6.03
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-5802",
            "trust": 7.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-348-03",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "94887",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-510",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12682",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007976",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3914",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-660",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3587",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-646",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3858",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-647",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3861",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-652",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3935",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-663",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "369617CD-E442-4F7B-852F-D167D53A3AE8",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E2FF3E00-39AB-11E9-BAF6-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-94621",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "369617cd-e442-4f7b-852f-d167d53a3ae8"
          },
          {
            "db": "IVD",
            "id": "e2ff3e00-39ab-11e9-baf6-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-660"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-646"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-647"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-652"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-663"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94621"
          },
          {
            "db": "BID",
            "id": "94887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-510"
          }
        ]
      },
      "id": "VAR-201702-0421",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "369617cd-e442-4f7b-852f-d167d53a3ae8"
          },
          {
            "db": "IVD",
            "id": "e2ff3e00-39ab-11e9-baf6-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94621"
          }
        ],
        "trust": 1.7291666650000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "369617cd-e442-4f7b-852f-d167d53a3ae8"
          },
          {
            "db": "IVD",
            "id": "e2ff3e00-39ab-11e9-baf6-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:04.949000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-03"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Patches for arbitrary file access vulnerabilities in various Delta Electronics products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/86303"
          },
          {
            "title": "Multiple Delta Electronics Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66544"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-660"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-646"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-647"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-652"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-663"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-510"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5802"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 6.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-03"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/94887"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5802"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5802"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-03#footnotea_6tkr584"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-660"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-646"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-647"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-652"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-663"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94621"
          },
          {
            "db": "BID",
            "id": "94887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-510"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "369617cd-e442-4f7b-852f-d167d53a3ae8"
          },
          {
            "db": "IVD",
            "id": "e2ff3e00-39ab-11e9-baf6-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-660"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-646"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-647"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-652"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-663"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94621"
          },
          {
            "db": "BID",
            "id": "94887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-510"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-21T00:00:00",
            "db": "IVD",
            "id": "369617cd-e442-4f7b-852f-d167d53a3ae8"
          },
          {
            "date": "2016-12-21T00:00:00",
            "db": "IVD",
            "id": "e2ff3e00-39ab-11e9-baf6-000c29342cb1"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-660"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-646"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-647"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-652"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-663"
          },
          {
            "date": "2016-12-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94621"
          },
          {
            "date": "2016-12-14T00:00:00",
            "db": "BID",
            "id": "94887"
          },
          {
            "date": "2017-04-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          },
          {
            "date": "2017-02-13T21:59:00.330000",
            "db": "NVD",
            "id": "CVE-2016-5802"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-510"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-660"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-646"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-647"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-652"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-663"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-12682"
          },
          {
            "date": "2017-03-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94621"
          },
          {
            "date": "2016-12-20T01:09:00",
            "db": "BID",
            "id": "94887"
          },
          {
            "date": "2017-04-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          },
          {
            "date": "2017-03-14T18:21:15.757000",
            "db": "NVD",
            "id": "CVE-2016-5802"
          },
          {
            "date": "2016-12-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-510"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-510"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Delta Electronics Vulnerability to load malicious files in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007976"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-510"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0465

    Vulnerability from variot - Updated: 2023-12-18 12:18

    In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution. Delta Industrial Automation TPEditor Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of TPE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Industrial Automation TPEditor is a Windows-based Delta text panel programming software from Delta Electronics. Failed exploit attempts will likely result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0465",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tpeditor",
            "scope": null,
            "trust": 2.8,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "tpeditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.90"
          },
          {
            "model": "tpeditor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.90"
          },
          {
            "model": "electronics tpeditor",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=1.90"
          },
          {
            "model": "electronics delta industrial automation tpeditor",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=1.90"
          },
          {
            "model": "electronics inc delta industrial automation tpeditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.90"
          },
          {
            "model": "electronics inc delta industrial automation tpeditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.89"
          },
          {
            "model": "electronics inc delta industrial automation tpeditor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.91"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "tpeditor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1235"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1237"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          },
          {
            "db": "BID",
            "id": "105682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013717"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17927"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:tpeditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17927"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mat Powell of Trend Micro Zero Day Initiative",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1239"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-17927",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-17927",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 2.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-09296",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-17927",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.3,
                "id": "CVE-2018-17927",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-17927",
                "trust": 2.1,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-17927",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-17927",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-09296",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-556",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1235"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1237"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013717"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-556"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution. Delta Industrial Automation TPEditor Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of TPE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Industrial Automation TPEditor is a Windows-based Delta text panel programming software from Delta Electronics. Failed exploit attempts will likely result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17927"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013717"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1235"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1237"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          },
          {
            "db": "BID",
            "id": "105682"
          },
          {
            "db": "IVD",
            "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b"
          }
        ],
        "trust": 5.13
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17927",
            "trust": 6.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-284-03",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "105682",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09296",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-556",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013717",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6461",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1245",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6443",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1239",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6246",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1235",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6449",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1237",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "331701E1-F655-4A4A-9EE6-C3FC03F43F8B",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1235"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1237"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          },
          {
            "db": "BID",
            "id": "105682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013717"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-556"
          }
        ]
      },
      "id": "VAR-201810-0465",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          }
        ],
        "trust": 1.7000000000000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:30.087000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-284-03"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Delta Industrial Automation TPEditor patch for out-of-bounds write vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/158285"
          },
          {
            "title": "Delta Industrial Automation TPEditor Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85681"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1235"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1237"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-556"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013717"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17927"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 6.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-284-03"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105682"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17927"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17927"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1235"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1237"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          },
          {
            "db": "BID",
            "id": "105682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013717"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-556"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1239"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1235"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1237"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          },
          {
            "db": "BID",
            "id": "105682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013717"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-556"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-07T00:00:00",
            "db": "IVD",
            "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1239"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1235"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1237"
          },
          {
            "date": "2018-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          },
          {
            "date": "2018-10-11T00:00:00",
            "db": "BID",
            "id": "105682"
          },
          {
            "date": "2019-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013717"
          },
          {
            "date": "2018-10-11T22:29:00.317000",
            "db": "NVD",
            "id": "CVE-2018-17927"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-556"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1239"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1235"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1237"
          },
          {
            "date": "2019-04-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-09296"
          },
          {
            "date": "2018-10-11T00:00:00",
            "db": "BID",
            "id": "105682"
          },
          {
            "date": "2019-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013717"
          },
          {
            "date": "2019-10-09T23:37:04.800000",
            "db": "NVD",
            "id": "CVE-2018-17927"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-556"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-556"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1245"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1237"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "331701e1-f655-4a4a-9ee6-c3fc03f43f8b"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-556"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201810-0466

    Vulnerability from variot - Updated: 2023-12-18 12:18

    In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code. Delta Industrial Automation TPEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Industrial Automation TPEditor is a Windows-based Delta text panel programming software from Delta Electronics. Failed exploit attempts will likely result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0466",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tpeditor",
            "scope": null,
            "trust": 4.2,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "tpeditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.90"
          },
          {
            "model": "tpeditor",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.90"
          },
          {
            "model": "electronics delta industrial automation tpeditor",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=1.90"
          },
          {
            "model": "electronics inc delta industrial automation tpeditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.90"
          },
          {
            "model": "electronics inc delta industrial automation tpeditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.89"
          },
          {
            "model": "electronics inc delta industrial automation tpeditor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "delta",
            "version": "1.91"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "tpeditor",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1244"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1243"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1241"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          },
          {
            "db": "BID",
            "id": "105682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013718"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17929"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:tpeditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17929"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mat Powell of Trend Micro Zero Day Initiative",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1244"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1243"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1241"
          }
        ],
        "trust": 3.5
      },
      "cve": "CVE-2018-17929",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-17929",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 3.6,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-20872",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-17929",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-17929",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-17929",
                "trust": 2.8,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-17929",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-17929",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-20872",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-555",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1244"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1243"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1241"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013718"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-555"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code. Delta Industrial Automation TPEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Industrial Automation TPEditor is a Windows-based Delta text panel programming software from Delta Electronics. Failed exploit attempts will likely result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17929"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013718"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1244"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1243"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1241"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          },
          {
            "db": "BID",
            "id": "105682"
          },
          {
            "db": "IVD",
            "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1"
          }
        ],
        "trust": 6.39
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17929",
            "trust": 7.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-284-03",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "105682",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20872",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-555",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013718",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6460",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1244",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6442",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1238",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6459",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1243",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6444",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1240",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6448",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1236",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6445",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1241",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FD6942-39AB-11E9-A1BF-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1244"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1243"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1241"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          },
          {
            "db": "BID",
            "id": "105682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013718"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-555"
          }
        ]
      },
      "id": "VAR-201810-0466",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:30.026000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 4.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-284-03"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Patch for TPEditor Stack Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/142267"
          },
          {
            "title": "Delta Industrial Automation TPEditor Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85680"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1244"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1243"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1241"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013718"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-555"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013718"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17929"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 7.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-284-03"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105682"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17929"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17929"
          },
          {
            "trust": 0.3,
            "url": "http://www.deltaww.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1244"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1243"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1241"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          },
          {
            "db": "BID",
            "id": "105682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013718"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-555"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1244"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1243"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1241"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          },
          {
            "db": "BID",
            "id": "105682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013718"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-555"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-15T00:00:00",
            "db": "IVD",
            "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1244"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1243"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1236"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1241"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          },
          {
            "date": "2018-10-11T00:00:00",
            "db": "BID",
            "id": "105682"
          },
          {
            "date": "2019-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013718"
          },
          {
            "date": "2018-10-11T22:29:00.410000",
            "db": "NVD",
            "id": "CVE-2018-17929"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-555"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1244"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1243"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1236"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1241"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20872"
          },
          {
            "date": "2018-10-11T00:00:00",
            "db": "BID",
            "id": "105682"
          },
          {
            "date": "2019-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013718"
          },
          {
            "date": "2020-09-18T16:16:01.223000",
            "db": "NVD",
            "id": "CVE-2018-17929"
          },
          {
            "date": "2020-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-555"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-555"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1238"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1240"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1236"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1241"
          }
        ],
        "trust": 2.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fd6942-39ab-11e9-a1bf-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-555"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202003-1670

    Vulnerability from variot - Updated: 2023-12-18 11:58

    Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file. Delta Industrial Automation CNCSoft ScreenEditor Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GifName information in DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Delta Electronics CNCSoft ScreenEditor is a set of CNC machine tool simulation system software of Taiwan Delta Electronics (Delta Electronics) company.

    There is a buffer overflow vulnerability in Delta Electronics CNCSoft ScreenEditor 1.00.96 and previous versions, which can be exploited by an attacker to cause a stack buffer overflow

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1670",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cncsoft screeneditor",
            "scope": null,
            "trust": 1.4,
            "vendor": "delta industrial automation",
            "version": null
          },
          {
            "model": "cncsoft screeneditor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "deltaww",
            "version": "1.00.96"
          },
          {
            "model": "cncsoft screeneditor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "delta",
            "version": "1.00.96"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cncsoft screeneditor",
            "version": "*"
          },
          {
            "model": "electronics delta electronics cncsoft screeneditor",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "delta",
            "version": "\u003c=1.00.96"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5"
          },
          {
            "db": "IVD",
            "id": "4d70e356-98dd-43f5-983c-c347917a0373"
          },
          {
            "db": "IVD",
            "id": "15506b49-3668-4c35-8a59-f69b72198906"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-309"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-308"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7002"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:deltaww:cncsoft_screeneditor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.00.96",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-7002"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kimiya",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-309"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-7002",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003024",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-17485",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "4d70e356-98dd-43f5-983c-c347917a0373",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "15506b49-3668-4c35-8a59-f69b72198906",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-7002",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003024",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2020-7002",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-7002",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-003024",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17485",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-1033",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "4d70e356-98dd-43f5-983c-c347917a0373",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "15506b49-3668-4c35-8a59-f69b72198906",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5"
          },
          {
            "db": "IVD",
            "id": "4d70e356-98dd-43f5-983c-c347917a0373"
          },
          {
            "db": "IVD",
            "id": "15506b49-3668-4c35-8a59-f69b72198906"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-309"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-308"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1033"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file. Delta Industrial Automation CNCSoft ScreenEditor Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GifName information in DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Delta Electronics CNCSoft ScreenEditor is a set of CNC machine tool simulation system software of Taiwan Delta Electronics (Delta Electronics) company. \n\r\n\r\nThere is a buffer overflow vulnerability in Delta Electronics CNCSoft ScreenEditor 1.00.96 and previous versions, which can be exploited by an attacker to cause a stack buffer overflow",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-7002"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-309"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-308"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          },
          {
            "db": "IVD",
            "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5"
          },
          {
            "db": "IVD",
            "id": "4d70e356-98dd-43f5-983c-c347917a0373"
          },
          {
            "db": "IVD",
            "id": "15506b49-3668-4c35-8a59-f69b72198906"
          }
        ],
        "trust": 3.96
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-7002",
            "trust": 5.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-077-01",
            "trust": 3.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-309",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17485",
            "trust": 1.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1033",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003024",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10413",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10141",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-308",
            "trust": 0.7
          },
          {
            "db": "NSFOCUS",
            "id": "47404",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0991",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "2D4D5279-EF12-4D99-B4EF-98A6E8D5AAA5",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "4D70E356-98DD-43F5-983C-C347917A0373",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "15506B49-3668-4C35-8A59-F69B72198906",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5"
          },
          {
            "db": "IVD",
            "id": "4d70e356-98dd-43f5-983c-c347917a0373"
          },
          {
            "db": "IVD",
            "id": "15506b49-3668-4c35-8a59-f69b72198906"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-309"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-308"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1033"
          }
        ]
      },
      "id": "VAR-202003-1670",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5"
          },
          {
            "db": "IVD",
            "id": "4d70e356-98dd-43f5-983c-c347917a0373"
          },
          {
            "db": "IVD",
            "id": "15506b49-3668-4c35-8a59-f69b72198906"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          }
        ],
        "trust": 2.2
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5"
          },
          {
            "db": "IVD",
            "id": "4d70e356-98dd-43f5-983c-c347917a0373"
          },
          {
            "db": "IVD",
            "id": "15506b49-3668-4c35-8a59-f69b72198906"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          }
        ]
      },
      "last_update_date": "2023-12-18T11:58:37.044000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-077-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.deltaww.com/"
          },
          {
            "title": "Patch for Delta Electronics CNCSoft ScreenEditor buffer overflow vulnerability (CNVD-2020-17485)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/209165"
          },
          {
            "title": "Delta Electronics Delta Industrial Automation CNCSoft Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112453"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-309"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-308"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1033"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7002"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-077-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7002"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7002"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0991/"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-309/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47404"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-309"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-308"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1033"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5"
          },
          {
            "db": "IVD",
            "id": "4d70e356-98dd-43f5-983c-c347917a0373"
          },
          {
            "db": "IVD",
            "id": "15506b49-3668-4c35-8a59-f69b72198906"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-309"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-308"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1033"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-17T00:00:00",
            "db": "IVD",
            "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5"
          },
          {
            "date": "2020-03-17T00:00:00",
            "db": "IVD",
            "id": "4d70e356-98dd-43f5-983c-c347917a0373"
          },
          {
            "date": "2020-03-17T00:00:00",
            "db": "IVD",
            "id": "15506b49-3668-4c35-8a59-f69b72198906"
          },
          {
            "date": "2020-03-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-309"
          },
          {
            "date": "2020-03-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-308"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          },
          {
            "date": "2020-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          },
          {
            "date": "2020-03-18T13:15:12.497000",
            "db": "NVD",
            "id": "CVE-2020-7002"
          },
          {
            "date": "2020-03-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1033"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-309"
          },
          {
            "date": "2020-03-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-308"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17485"
          },
          {
            "date": "2020-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          },
          {
            "date": "2020-03-20T17:06:35.320000",
            "db": "NVD",
            "id": "CVE-2020-7002"
          },
          {
            "date": "2020-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1033"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1033"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Delta Industrial Automation CNCSoft ScreenEditor Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003024"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "2d4d5279-ef12-4d99-b4ef-98a6e8d5aaa5"
          },
          {
            "db": "IVD",
            "id": "4d70e356-98dd-43f5-983c-c347917a0373"
          },
          {
            "db": "IVD",
            "id": "15506b49-3668-4c35-8a59-f69b72198906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1033"
          }
        ],
        "trust": 1.2
      }
    }