CVE-2020-14482 - Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted proje

CVE-2020-14482

Summary

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.

References

https://www.us-cert.gov/ics/advisories/icsa-20-182-01

Vulnerable Configurations

cpe:2.3:a:deltaww:dopsoft:2.00.07:*:*:*:*:*:*:*
cpe:2.3:a:deltaww:dopsoft:2.00.07:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 10-07-2020 - 20:35)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

misc

https://www.us-cert.gov/ics/advisories/icsa-20-182-01

Last major update

10-07-2020 - 20:35

Published

30-06-2020 - 18:15

Last modified

10-07-2020 - 20:35