Vulnerabilites related to deltaww - ispsoft
Vulnerability from fkie_nvd
Published
2024-01-18 22:15
Modified
2024-11-21 08:41
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deltaww:ispsoft:3.02.11:*:*:*:*:*:*:*",
"matchCriteriaId": "841667C5-EC65-4C0F-8455-14A9666EBD8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\n"
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en Delta Electronics ISPSoft. Un atacante an\u00f3nimo puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DVP especialmente manipulado para lograr la ejecuci\u00f3n del c\u00f3digo."
}
],
"id": "CVE-2023-5131",
"lastModified": "2024-11-21T08:41:07.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "disclosures@exodusintel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-18T22:15:11.100",
"references": [
{
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-ispsoft-heap-buffer-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-ispsoft-heap-buffer-overflow/"
}
],
"sourceIdentifier": "disclosures@exodusintel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "disclosures@exodusintel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-30 08:15
Modified
2025-05-16 16:56
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deltaww:ispsoft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD08DDA-51A7-42FD-B106-8E80178C2328",
"versionEndExcluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file."
},
{
"lang": "es",
"value": "La versi\u00f3n 3.20 de Delta Electronics ISPSoft es afectado por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario al analizar un archivo DVP."
}
],
"id": "CVE-2025-22883",
"lastModified": "2025-05-16T16:56:56.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T08:15:31.600",
"references": [
{
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v1.pdf"
}
],
"sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-26 18:15
Modified
2024-11-21 05:20
Severity ?
Summary
A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deltaww:ispsoft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05705A72-C54B-4627-9210-461C765F5E25",
"versionEndIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution."
},
{
"lang": "es",
"value": "Se ha identificado un uso de la memoria previamente liberada en la manera en que ISPSoft (versiones v3.12 y anteriores) procesa los archivos de proyecto, permitiendo a un atacante dise\u00f1ar un archivo de proyecto especial que puede permitir una ejecuci\u00f3n de c\u00f3digo arbitraria"
}
],
"id": "CVE-2020-27280",
"lastModified": "2024-11-21T05:20:59.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-26T18:15:45.803",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-30 08:15
Modified
2025-08-25 03:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deltaww:ispsoft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD08DDA-51A7-42FD-B106-8E80178C2328",
"versionEndExcluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file."
},
{
"lang": "es",
"value": "La versi\u00f3n 3.20 de Delta Electronics ISPSoft es afectado por una vulnerabilidad de desbordamiento de b\u00fafer basada en pila que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario al analizar un archivo DVP."
}
],
"id": "CVE-2025-22884",
"lastModified": "2025-08-25T03:15:37.003",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T08:15:31.760",
"references": [
{
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf"
}
],
"sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-30 09:15
Modified
2025-05-16 16:56
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deltaww:ispsoft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD08DDA-51A7-42FD-B106-8E80178C2328",
"versionEndExcluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file."
},
{
"lang": "es",
"value": "La versi\u00f3n 3.20 de Delta Electronics ISPSoft es afectado por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario al analizar un archivo ISP."
}
],
"id": "CVE-2025-4124",
"lastModified": "2025-05-16T16:56:49.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T09:15:17.300",
"references": [
{
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"tags": [
"Vendor Advisory"
],
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf"
}
],
"sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-03 13:29
Modified
2024-11-21 03:49
Severity ?
Summary
Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/105485 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105485 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deltaww:ispsoft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDA43BD-019D-417E-8DB9-FEAED90F80E0",
"versionEndIncluding": "3.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application."
},
{
"lang": "es",
"value": "Delta Electronics ISPSoft en versiones 3.0.5 y anteriores permite que un atacante, al abrir un archivo manipulado, provoque que la aplicaci\u00f3n lea m\u00e1s all\u00e1 de los l\u00edmites asignados a un objeto de la pila, lo que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo bajo el contexto de la aplicaci\u00f3n."
}
],
"id": "CVE-2018-14800",
"lastModified": "2024-11-21T03:49:49.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-03T13:29:00.243",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105485"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-30 08:15
Modified
2025-08-25 03:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deltaww:ispsoft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD08DDA-51A7-42FD-B106-8E80178C2328",
"versionEndExcluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file."
},
{
"lang": "es",
"value": "La versi\u00f3n 3.20 de Delta Electronics ISPSoft es afectado por una vulnerabilidad de desbordamiento de b\u00fafer basada en pila que podr\u00eda permitir a un atacante aprovechar la l\u00f3gica de depuraci\u00f3n para ejecutar c\u00f3digo arbitrario al analizar el archivo CBDGL."
}
],
"id": "CVE-2025-22882",
"lastModified": "2025-08-25T03:15:36.803",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T08:15:31.360",
"references": [
{
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf"
}
],
"sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-30 09:15
Modified
2025-05-16 16:56
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deltaww:ispsoft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD08DDA-51A7-42FD-B106-8E80178C2328",
"versionEndExcluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file."
},
{
"lang": "es",
"value": "La versi\u00f3n 3.20 de Delta Electronics ISPSoft es afectado por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario al analizar un archivo ISP."
}
],
"id": "CVE-2025-4125",
"lastModified": "2025-05-16T16:56:47.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T09:15:17.523",
"references": [
{
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"tags": [
"Vendor Advisory"
],
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf"
}
],
"sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-22884 (GCVE-0-2025-22884)
Vulnerability from cvelistv5
Published
2025-04-30 07:37
Modified
2025-08-25 02:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- cwe-121 Stack-based Buffer Overflow
Summary
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | ISPSoft |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T13:04:23.947391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T13:04:31.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ISPSoft",
"vendor": "Delta Electronics",
"versions": [
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-30T07:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file."
}
],
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-121 Stack-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T02:57:56.078Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download and update to: v3.21 or later"
}
],
"value": "Download and update to: v3.21 or later"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-08-28T06:09:00.000Z",
"value": "Reported"
},
{
"lang": "en",
"time": "2025-04-21T07:36:00.000Z",
"value": "ISPSoft v3.21 released"
}
],
"title": "ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-22884",
"datePublished": "2025-04-30T07:37:08.747Z",
"dateReserved": "2025-01-09T03:48:26.774Z",
"dateUpdated": "2025-08-25T02:57:56.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5131 (GCVE-0-2023-5131)
Vulnerability from cvelistv5
Published
2024-01-18 21:14
Modified
2025-06-17 21:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.exodusintel.com/2024/01/18/delta-electronics-ispsoft-heap-buffer-overflow/ | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | ISPSoft |
Version: 3.02.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:54.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-ispsoft-heap-buffer-overflow/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-19T14:58:02.243374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:20.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ISPSoft",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "3.02.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003eA heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T21:14:39.954Z",
"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
"shortName": "XI"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-ispsoft-heap-buffer-overflow/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Delta Electronics ISPSoft Heap Buffer-Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
"assignerShortName": "XI",
"cveId": "CVE-2023-5131",
"datePublished": "2024-01-18T21:14:39.954Z",
"dateReserved": "2023-09-22T16:18:19.317Z",
"dateUpdated": "2025-06-17T21:19:20.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14800 (GCVE-0-2018-14800)
Vulnerability from cvelistv5
Published
2018-10-03 13:00
Modified
2024-09-17 00:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW
Summary
Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/105485 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | ISPSoft |
Version: Version 3.0.5 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01"
},
{
"name": "105485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ISPSoft",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "Version 3.0.5 and prior"
}
]
}
],
"datePublic": "2018-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01"
},
{
"name": "105485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-14800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISPSoft",
"version": {
"version_data": [
{
"version_value": "Version 3.0.5 and prior"
}
]
}
}
]
},
"vendor_name": "Delta Electronics"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01"
},
{
"name": "105485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14800",
"datePublished": "2018-10-03T13:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T00:56:00.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4124 (GCVE-0-2025-4124)
Vulnerability from cvelistv5
Published
2025-04-30 08:20
Modified
2025-04-30 13:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | ISPSoft |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T13:04:06.104529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T13:04:14.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ISPSoft",
"vendor": "Delta Electronics",
"versions": [
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-30T07:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u0026nbsp;Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file."
}
],
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T08:20:11.777Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download and update to: v3.21 or later"
}
],
"value": "Download and update to: v3.21 or later"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-19T06:09:00.000Z",
"value": "Reported"
},
{
"lang": "en",
"time": "2025-04-21T07:35:00.000Z",
"value": "ISPSoft v3.21 released"
}
],
"title": "ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-4124",
"datePublished": "2025-04-30T08:20:11.777Z",
"dateReserved": "2025-04-30T07:38:41.849Z",
"dateUpdated": "2025-04-30T13:04:14.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22882 (GCVE-0-2025-22882)
Vulnerability from cvelistv5
Published
2025-04-30 07:34
Modified
2025-08-25 02:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- cwe-121 Stack-based Buffer Overflow
Summary
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | ISPSoft |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T13:05:02.751373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T13:05:11.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ISPSoft",
"vendor": "Delta Electronics",
"versions": [
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-30T07:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file."
}
],
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-121 Stack-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T02:57:29.339Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download and update to: v3.21 or later"
}
],
"value": "Download and update to: v3.21 or later"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-08-28T06:09:00.000Z",
"value": "Reported"
},
{
"lang": "en",
"time": "2025-04-21T07:33:00.000Z",
"value": "ISPSoft v3.21 released"
}
],
"title": "ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-22882",
"datePublished": "2025-04-30T07:34:43.503Z",
"dateReserved": "2025-01-09T03:48:26.774Z",
"dateUpdated": "2025-08-25T02:57:29.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4125 (GCVE-0-2025-4125)
Vulnerability from cvelistv5
Published
2025-04-30 08:21
Modified
2025-04-30 13:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | ISPSoft |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T13:03:45.847236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T13:03:53.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ISPSoft",
"vendor": "Delta Electronics",
"versions": [
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-30T07:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u0026nbsp;Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file."
}
],
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T08:21:22.470Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download and update to: v3.21 or later"
}
],
"value": "Download and update to: v3.21 or later"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-19T06:09:00.000Z",
"value": "Reported"
},
{
"lang": "en",
"time": "2025-04-21T07:35:00.000Z",
"value": "ISPSoft v3.21 released"
}
],
"title": "ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-4125",
"datePublished": "2025-04-30T08:21:22.470Z",
"dateReserved": "2025-04-30T07:38:44.905Z",
"dateUpdated": "2025-04-30T13:03:53.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27280 (GCVE-0-2020-27280)
Vulnerability from cvelistv5
Published
2021-01-26 12:51
Modified
2024-08-04 16:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - USE AFTER FREE
Summary
A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ISPSoft",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v3.12 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "USE AFTER FREE CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T12:51:33",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISPSoft",
"version": {
"version_data": [
{
"version_value": "v3.12 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27280",
"datePublished": "2021-01-26T12:51:33",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22883 (GCVE-0-2025-22883)
Vulnerability from cvelistv5
Published
2025-04-30 07:36
Modified
2025-04-30 13:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | ISPSoft |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T13:04:42.531658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T13:04:51.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ISPSoft",
"vendor": "Delta Electronics",
"versions": [
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-30T07:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u0026nbsp;Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file."
}
],
"value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T07:36:13.595Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v1.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download and update to: v3.21 or later"
}
],
"value": "Download and update to: v3.21 or later"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-08-28T06:09:00.000Z",
"value": "Reported"
},
{
"lang": "en",
"time": "2025-04-21T07:35:00.000Z",
"value": "ISPSoft v3.21 released"
}
],
"title": "ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-22883",
"datePublished": "2025-04-30T07:36:13.595Z",
"dateReserved": "2025-01-09T03:48:26.774Z",
"dateUpdated": "2025-04-30T13:04:51.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202101-0360
Vulnerability from variot
A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution. Delta Electronics The following vulnerabilities exist in multiple products provided by the company. ‥ * Use of freed memory (Use-after-free) (CWE-416) - CVE-2020-27280 ‥ * Untrusted pointer reference (CWE-822) - CVE-2020-27288 ‥ * Out-of-bounds writing (CWE-787) - CVE-2020-27284Both vulnerabilities could allow arbitrary code to be executed with application privileges by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ISP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics ISPSoft is a set of PLC (Programmable Logic Controller) programming software of Delta Electronics, Taiwan, China.
Delta Electronics ISPSoft v3.12 and prior has an access control error vulnerability, which is caused by the network system or product improperly restricting access to resources from unauthorized roles
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ispsoft",
"scope": "lte",
"trust": 1.0,
"vendor": "deltaww",
"version": "3.12"
},
{
"_id": null,
"model": "ispsoft",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "v3.12 - cve-2020-27280"
},
{
"_id": null,
"model": "tpeditor",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "v1.98 - cve-2020-27284\u3001cve-2020-27288"
},
{
"_id": null,
"model": "ispsoft",
"scope": null,
"trust": 0.7,
"vendor": "delta industrial automation",
"version": null
},
{
"_id": null,
"model": "electronics ispsoft",
"scope": "lte",
"trust": 0.6,
"vendor": "delta",
"version": "\u003c=v3.12"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-079"
},
{
"db": "CNVD",
"id": "CNVD-2021-05447"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
},
{
"db": "NVD",
"id": "CVE-2020-27280"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:delta_electronics:ispsoft",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:delta_electronics:tpeditor",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
}
]
},
"credits": {
"_id": null,
"data": "Francis Provencher {PRL}",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-079"
}
],
"trust": 0.7
},
"cve": "CVE-2020-27280",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-27280",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-05447",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-001012",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 2.4,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-27280",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-27280",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2021-001012",
"trust": 2.4,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27280",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2020-27280",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-05447",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1642",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-27280",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-079"
},
{
"db": "CNVD",
"id": "CNVD-2021-05447"
},
{
"db": "VULMON",
"id": "CVE-2020-27280"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1642"
},
{
"db": "NVD",
"id": "CVE-2020-27280"
}
]
},
"description": {
"_id": null,
"data": "A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution. Delta Electronics The following vulnerabilities exist in multiple products provided by the company. \u2025 * Use of freed memory (Use-after-free) (CWE-416) - CVE-2020-27280 \u2025 * Untrusted pointer reference (CWE-822) - CVE-2020-27288 \u2025 * Out-of-bounds writing (CWE-787) - CVE-2020-27284Both vulnerabilities could allow arbitrary code to be executed with application privileges by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ISP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics ISPSoft is a set of PLC (Programmable Logic Controller) programming software of Delta Electronics, Taiwan, China. \n\r\n\r\nDelta Electronics ISPSoft v3.12 and prior has an access control error vulnerability, which is caused by the network system or product improperly restricting access to resources from unauthorized roles",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27280"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
},
{
"db": "ZDI",
"id": "ZDI-21-079"
},
{
"db": "CNVD",
"id": "CNVD-2021-05447"
},
{
"db": "VULMON",
"id": "CVE-2020-27280"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-27280",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-021-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU95339074",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-021-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001012",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11489",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-21-079",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-05447",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0258",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1642",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-27280",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-079"
},
{
"db": "CNVD",
"id": "CNVD-2021-05447"
},
{
"db": "VULMON",
"id": "CVE-2020-27280"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1642"
},
{
"db": "NVD",
"id": "CVE-2020-27280"
}
]
},
"id": "VAR-202101-0360",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-05447"
}
],
"trust": 1.296078435
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-05447"
}
]
},
"last_update_date": "2024-11-23T22:33:09.850000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Download Center (TPEditor)",
"trust": 0.8,
"url": "https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026CID=06\u0026itemID=060302\u0026dataType=8\u0026q=TPEditor"
},
{
"title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
},
{
"title": "Patch for Delta Electronics ISPSoft access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/248981"
},
{
"title": "Delta Electronics ISPSoft Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139893"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-079"
},
{
"db": "CNVD",
"id": "CNVD-2021-05447"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1642"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-416",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 0.8
},
{
"problemtype": "CWE-822",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
},
{
"db": "NVD",
"id": "CVE-2020-27280"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27280"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27284"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27288"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-02"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95339074"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27280"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0258/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195495"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-079"
},
{
"db": "CNVD",
"id": "CNVD-2021-05447"
},
{
"db": "VULMON",
"id": "CVE-2020-27280"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1642"
},
{
"db": "NVD",
"id": "CVE-2020-27280"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-079",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-05447",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-27280",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001012",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1642",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-27280",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-01-22T00:00:00",
"db": "ZDI",
"id": "ZDI-21-079",
"ident": null
},
{
"date": "2021-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-05447",
"ident": null
},
{
"date": "2021-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27280",
"ident": null
},
{
"date": "2021-01-25T07:03:55",
"db": "JVNDB",
"id": "JVNDB-2021-001012",
"ident": null
},
{
"date": "2021-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1642",
"ident": null
},
{
"date": "2021-01-26T18:15:45.803000",
"db": "NVD",
"id": "CVE-2020-27280",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-01-22T00:00:00",
"db": "ZDI",
"id": "ZDI-21-079",
"ident": null
},
{
"date": "2021-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-05447",
"ident": null
},
{
"date": "2021-02-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27280",
"ident": null
},
{
"date": "2021-01-25T07:03:55",
"db": "JVNDB",
"id": "JVNDB-2021-001012",
"ident": null
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1642",
"ident": null
},
{
"date": "2024-11-21T05:20:59.337000",
"db": "NVD",
"id": "CVE-2020-27280",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1642"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural Delta Electronics Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001012"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1642"
}
],
"trust": 0.6
}
}
var-201810-0388
Vulnerability from variot
Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. Delta Electronics ISPSoft Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DVP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics ISPSoft is a new generation of Delta PLC programming software from Delta Electronics. A failed attack can result in a denial of service. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ispsoft",
"scope": "lte",
"trust": 1.0,
"vendor": "deltaww",
"version": "3.0.5"
},
{
"model": "ispsoft",
"scope": "lte",
"trust": 0.8,
"vendor": "delta",
"version": "3.0.5"
},
{
"model": "ispsoft",
"scope": null,
"trust": 0.7,
"vendor": "delta industrial automation",
"version": null
},
{
"model": "electronics ispsoft",
"scope": "lte",
"trust": 0.6,
"vendor": "delta",
"version": "\u003c=3.0.5"
},
{
"model": "ispsoft",
"scope": "eq",
"trust": 0.6,
"vendor": "deltaww",
"version": "3.05"
},
{
"model": "electronics inc ispsoft",
"scope": "eq",
"trust": 0.3,
"vendor": "delta",
"version": "3.0.5"
},
{
"model": "electronics inc ispsoft",
"scope": "eq",
"trust": 0.3,
"vendor": "delta",
"version": "3.02.11"
},
{
"model": "electronics inc ispsoft",
"scope": "eq",
"trust": 0.3,
"vendor": "delta",
"version": "3.0"
},
{
"model": "electronics inc ispsoft",
"scope": "ne",
"trust": 0.3,
"vendor": "delta",
"version": "3.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ispsoft",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
},
{
"db": "ZDI",
"id": "ZDI-18-1139"
},
{
"db": "CNVD",
"id": "CNVD-2019-32234"
},
{
"db": "BID",
"id": "105485"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011166"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-100"
},
{
"db": "NVD",
"id": "CVE-2018-14800"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:delta_electronics:ispsoft",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011166"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1139"
}
],
"trust": 0.7
},
"cve": "CVE-2018-14800",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14800",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 2.5,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-32234",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-14800",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14800",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-14800",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2018-14800",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-32234",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-100",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
},
{
"db": "ZDI",
"id": "ZDI-18-1139"
},
{
"db": "CNVD",
"id": "CNVD-2019-32234"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011166"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-100"
},
{
"db": "NVD",
"id": "CVE-2018-14800"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. Delta Electronics ISPSoft Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation ISPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DVP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics ISPSoft is a new generation of Delta PLC programming software from Delta Electronics. A failed attack can result in a denial of service. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14800"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011166"
},
{
"db": "ZDI",
"id": "ZDI-18-1139"
},
{
"db": "CNVD",
"id": "CNVD-2019-32234"
},
{
"db": "BID",
"id": "105485"
},
{
"db": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14800",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-275-01",
"trust": 2.7
},
{
"db": "BID",
"id": "105485",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2019-32234",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-100",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011166",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6367",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1139",
"trust": 0.7
},
{
"db": "IVD",
"id": "A0AD6541-A14B-4DEA-A482-1E6B57C9EDC0",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
},
{
"db": "ZDI",
"id": "ZDI-18-1139"
},
{
"db": "CNVD",
"id": "CNVD-2019-32234"
},
{
"db": "BID",
"id": "105485"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011166"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-100"
},
{
"db": "NVD",
"id": "CVE-2018-14800"
}
]
},
"id": "VAR-201810-0388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
},
{
"db": "CNVD",
"id": "CNVD-2019-32234"
}
],
"trust": 1.51405229
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
},
{
"db": "CNVD",
"id": "CNVD-2019-32234"
}
]
},
"last_update_date": "2024-11-23T23:02:00.584000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.deltaww.com/"
},
{
"title": "Delta Industrial Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01"
},
{
"title": "Patch for Delta Electronics ISPSoft Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/181347"
},
{
"title": "Delta Electronics ISPSoft Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86141"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1139"
},
{
"db": "CNVD",
"id": "CNVD-2019-32234"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011166"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011166"
},
{
"db": "NVD",
"id": "CVE-2018-14800"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-275-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/105485"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14800"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14800"
},
{
"trust": 0.3,
"url": "http://www.deltaww.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1139"
},
{
"db": "CNVD",
"id": "CNVD-2019-32234"
},
{
"db": "BID",
"id": "105485"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011166"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-100"
},
{
"db": "NVD",
"id": "CVE-2018-14800"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
},
{
"db": "ZDI",
"id": "ZDI-18-1139"
},
{
"db": "CNVD",
"id": "CNVD-2019-32234"
},
{
"db": "BID",
"id": "105485"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011166"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-100"
},
{
"db": "NVD",
"id": "CVE-2018-14800"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-20T00:00:00",
"db": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
},
{
"date": "2018-10-10T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1139"
},
{
"date": "2019-09-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-32234"
},
{
"date": "2018-10-02T00:00:00",
"db": "BID",
"id": "105485"
},
{
"date": "2019-01-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011166"
},
{
"date": "2018-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-100"
},
{
"date": "2018-10-03T13:29:00.243000",
"db": "NVD",
"id": "CVE-2018-14800"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1139"
},
{
"date": "2019-09-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-32234"
},
{
"date": "2018-10-02T00:00:00",
"db": "BID",
"id": "105485"
},
{
"date": "2019-01-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011166"
},
{
"date": "2019-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-100"
},
{
"date": "2024-11-21T03:49:49.317000",
"db": "NVD",
"id": "CVE-2018-14800"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics ISPSoft Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
},
{
"db": "CNVD",
"id": "CNVD-2019-32234"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "a0ad6541-a14b-4dea-a482-1e6b57c9edc0"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-100"
}
],
"trust": 0.8
}
}
var-202401-1633
Vulnerability from variot
A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202401-1633",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ispsoft",
"scope": "eq",
"trust": 1.0,
"vendor": "deltaww",
"version": "3.02.11"
},
{
"model": "ispsoft",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "ispsoft",
"scope": null,
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "ispsoft",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "3.02.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025426"
},
{
"db": "NVD",
"id": "CVE-2023-5131"
}
]
},
"cve": "CVE-2023-5131",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "disclosures@exodusintel.com",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2023-5131",
"impactScore": 9.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "disclosures@exodusintel.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2023-5131",
"impactScore": 6.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-5131",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-5131",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "disclosures@exodusintel.com",
"id": "CVE-2023-5131",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-5131",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-5131",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025426"
},
{
"db": "NVD",
"id": "CVE-2023-5131"
},
{
"db": "NVD",
"id": "CVE-2023-5131"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution. of ISPSoft Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5131"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-025426"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-5131",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-025426",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025426"
},
{
"db": "NVD",
"id": "CVE-2023-5131"
}
]
},
"id": "VAR-202401-1633",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.39215687
},
"last_update_date": "2024-08-14T14:48:39.460000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025426"
},
{
"db": "NVD",
"id": "CVE-2023-5131"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-ispsoft-heap-buffer-overflow/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5131"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025426"
},
{
"db": "NVD",
"id": "CVE-2023-5131"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025426"
},
{
"db": "NVD",
"id": "CVE-2023-5131"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-025426"
},
{
"date": "2024-01-18T22:15:11.100000",
"db": "NVD",
"id": "CVE-2023-5131"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-05T06:02:00",
"db": "JVNDB",
"id": "JVNDB-2023-025426"
},
{
"date": "2024-01-25T02:03:48.947000",
"db": "NVD",
"id": "CVE-2023-5131"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics,\u00a0INC.\u00a0 of \u00a0ISPSoft\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025426"
}
],
"trust": 0.8
}
}