VAR-202104-1015
Vulnerability from variot - Updated: 2023-12-18 11:26

Delta Industrial Automation COMMGR versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute code remotely.

Multiple vulnerabilities exist in Delta Electronics products.

COMMGR, provided by Delta Electronics, contains the following vulnerability:
* Stack-based buffer overflow (CWE-121) - CVE-2021-27480

CNCSoft ScreenEditor, provided by Delta Electronics, contains the following vulnerability:
* Out-of-bounds read (CWE-125) - CVE-2021-22668

CNCSoft-B, provided by Delta Electronics, contains the following vulnerabilities:
* Out-of-bounds read (CWE-125) - CVE-2021-22660
* Out-of-bounds write (CWE-787) - CVE-2021-22664

The expected impact depends on the vulnerability, and may include the following:
* Code execution by a remote third party - CVE-2021-27480
* Arbitrary code execution when loading a project file - CVE-2021-22668
* Arbitrary code execution - CVE-2021-22660, CVE-2021-22664

Delta Industrial Automation COMMGR is a PLC of Delta Industrial Automation, India. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Note: this record is indexed under CVE-2021-27480 (COMMGR). The CNCSoft entries and the Pillow sentence appear to come from other source records merged during aggregation, so verify scope and affected versions against the original advisories before acting on them.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-1015",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "industrial automation commgr",
"scope": "lte",
"trust": 1.0,
"vendor": "deltaww",
"version": "1.12"
},
{
"model": "cncsoft",
"scope": null,
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-b",
"scope": null,
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "commgr",
"scope": "lte",
"trust": 0.8,
"vendor": "delta",
"version": "version 1.12 and earlier"
},
{
"model": "industrial automation commgr",
"scope": "lte",
"trust": 0.6,
"vendor": "delta",
"version": "\u003c=1.12"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001379"
},
{
"db": "NVD",
"id": "CVE-2021-27480"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:deltaww:industrial_automation_commgr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27480"
}
]
},
"cve": "CVE-2021-27480",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-34524",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27480",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-001379",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-27480",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2021-001379",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-34524",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-1571",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-27480",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34524"
},
{
"db": "VULMON",
"id": "CVE-2021-27480"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001379"
},
{
"db": "NVD",
"id": "CVE-2021-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1571"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code. plural Delta Electronics There are multiple vulnerabilities in the product. Delta Electronics Provided by COMMGR The following vulnerabilities exist in. * Stack-based buffer overflow (CWE-121) - CVE-2021-27480Delta Electronics Provided by CNCSoft ScreenEditor The following vulnerabilities exist in. * Out-of-bounds read (CWE-125) - CVE-2021-22668Delta Electronics Provided by CNCSoft-B The following multiple vulnerabilities exist in. * Out-of-bounds read (CWE-125) - CVE-2021-22660 \u2025 * Out-of-bounds writing (CWE-787) - CVE-2021-22664The expected impact depends on each vulnerability, but it may be affected as follows. * Code executed by a remote third party - CVE-2021-27480 \u2025 * Arbitrary code executed when loading a project file - CVE-2021-22668 \u2025 * Execute arbitrary code - CVE-2021-22660 , CVE-2021-22664. Delta Industrial Automation COMMGR is a PLC of Delta Industrial Automation, India. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27480"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001379"
},
{
"db": "CNVD",
"id": "CNVD-2021-34524"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-27480"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27480",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-21-110-03",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-21-110-05",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-110-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93609621",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001379",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-34524",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042146",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1571",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-27480",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34524"
},
{
"db": "VULMON",
"id": "CVE-2021-27480"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001379"
},
{
"db": "NVD",
"id": "CVE-2021-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1571"
}
]
},
"id": "VAR-202104-1015",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34524"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34524"
}
]
},
"last_update_date": "2023-12-18T11:26:23.118000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CNCSoft-B\u00a0V1.0.0.4",
"trust": 0.8,
"url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026cid=06\u0026itemid=060301\u0026datatype=8\u0026sort_expr=cdate\u0026sort_dir=desc"
},
{
"title": "Patch for Delta Industrial Automation COMMGR remote code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/264841"
},
{
"title": "Delta Industrial Automation COMMGR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=149711"
},
{
"title": "CVE-2021-27480",
"trust": 0.1,
"url": "https://github.com/jamesgeee/cve-2021-27480 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34524"
},
{
"db": "VULMON",
"id": "CVE-2021-27480"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001379"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1571"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds read (CWE-125) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [IPA Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001379"
},
{
"db": "NVD",
"id": "CVE-2021-27480"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-110-03"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu93609621"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-110-04"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-110-05"
},
{
"trust": 0.6,
"url": "https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1\u0026cid=06\u0026itemid=060301\u0026datatype=8\u0026sort_expr=cdate\u0026sort_dir=desc"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042146"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27480"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://github.com/jamesgeee/cve-2021-27480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34524"
},
{
"db": "VULMON",
"id": "CVE-2021-27480"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001379"
},
{
"db": "NVD",
"id": "CVE-2021-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1571"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-34524"
},
{
"db": "VULMON",
"id": "CVE-2021-27480"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001379"
},
{
"db": "NVD",
"id": "CVE-2021-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1571"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-34524"
},
{
"date": "2021-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27480"
},
{
"date": "2021-04-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001379"
},
{
"date": "2021-04-27T12:15:07.453000",
"db": "NVD",
"id": "CVE-2021-27480"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1571"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-34524"
},
{
"date": "2021-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27480"
},
{
"date": "2021-04-23T07:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-001379"
},
{
"date": "2021-05-07T16:11:41.720000",
"db": "NVD",
"id": "CVE-2021-27480"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1571"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-1571"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Delta\u00a0Electronics\u00a0 Multiple vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001379"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1571"
}
],
"trust": 1.2
}
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.