cnvd - cnvd-2021-70158

cnvd-2021-70158

Vulnerability from cnvd

Title: Delta Electronics DIAScreen类型混淆漏洞

Description:

Delta Electronics DIAScreen是中国台湾台达电子（Delta Electronics）公司的一个智能机台建置软件。

Delta Electronics DIAScreen存在安全漏洞，该漏洞源于DIAScreen容易受到类型混淆的影响，攻击者可利用漏洞远程执行任意代码。

Severity: 高

Patch Name: Delta Electronics DIAScreen类型混淆漏洞的补丁

Patch Description:

Delta Electronics DIAScreen是中国台湾台达电子（Delta Electronics）公司的一个智能机台建置软件。

Delta Electronics DIAScreen存在安全漏洞，该漏洞源于DIAScreen容易受到类型混淆的影响，攻击者可利用漏洞远程执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://diastudio.deltaww.com/home/downloads?sec=download

Reference: https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05

Impacted products

Name
Delta Electronics DIAScreen <1.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-32965"
    }
  },
  "description": "Delta Electronics DIAScreen\u662f\u4e2d\u56fd\u53f0\u6e7e\u53f0\u8fbe\u7535\u5b50\uff08Delta Electronics\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u667a\u80fd\u673a\u53f0\u5efa\u7f6e\u8f6f\u4ef6\u3002\n\nDelta Electronics DIAScreen\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eDIAScreen\u5bb9\u6613\u53d7\u5230\u7c7b\u578b\u6df7\u6dc6\u7684\u5f71\u54cd\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8fdc\u7a0b\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://diastudio.deltaww.com/home/downloads?sec=download",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-70158",
  "openTime": "2021-09-12",
  "patchDescription": "Delta Electronics DIAScreen\u662f\u4e2d\u56fd\u53f0\u6e7e\u53f0\u8fbe\u7535\u5b50\uff08Delta Electronics\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u667a\u80fd\u673a\u53f0\u5efa\u7f6e\u8f6f\u4ef6\u3002\r\n\r\nDelta Electronics DIAScreen\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eDIAScreen\u5bb9\u6613\u53d7\u5230\u7c7b\u578b\u6df7\u6dc6\u7684\u5f71\u54cd\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8fdc\u7a0b\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Delta Electronics DIAScreen\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Delta Electronics DIAScreen \u003c1.1.0"
  },
  "referenceLink": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05",
  "serverity": "\u9ad8",
  "submitTime": "2021-07-29",
  "title": "Delta Electronics DIAScreen\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e"
}

CVE-2021-32965 (GCVE-0-2021-32965)

Vulnerability from cvelistv5

Published

2022-05-24 17:56

Modified

2025-04-16 17:53

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Summary

Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.

References

▼	URL	Tags
	https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Delta Electronics	DIAScreen	Version: All < v1.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:56.073Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32965",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T17:28:57.422614Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T17:53:36.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DIAScreen",
          "vendor": "Delta Electronics",
          "versions": [
            {
              "lessThan": "v1.1.0",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kimiya, working with Trend Micro\u2019s Zero Day Initiative, reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-24T17:56:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05"
        }
      ],
      "source": {
        "advisory": "ICSA-21-208-05",
        "discovery": "UNKNOWN"
      },
      "title": "Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-32965",
          "STATE": "PUBLIC",
          "TITLE": "Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DIAScreen",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "v1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Delta Electronics"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Kimiya, working with Trend Micro\u2019s Zero Day Initiative, reported this vulnerability to CISA."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05"
            }
          ]
        },
        "source": {
          "advisory": "ICSA-21-208-05",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-32965",
    "datePublished": "2022-05-24T17:56:01.000Z",
    "dateReserved": "2021-05-13T00:00:00.000Z",
    "dateUpdated": "2025-04-16T17:53:36.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted