var-202109-1255
Vulnerability from variot
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. Delta Electronics Provided by the company DOPSoft 2 The following multiple vulnerabilities exist in. * Stack-based buffer overflow ( CWE-121 ) - CVE-2021-38402 ‥ * Out-of-bounds writing ( CWE-787 ) - CVE-2021-38406 ‥ * Heap-based buffer overflow ( CWE-122 ) - CVE-2021-38404When loading a specially crafted project file, malicious code is executed with the privileges of the process in which the product runs. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of XLS files. Delta Electronics DOPSoft is a set of Human-Machine Interface (HMI) software of Taiwan Delta Electronics (Delta Electronics). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1255",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dopsoft",
"scope": "lte",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.00.07"
},
{
"model": "dopsoft",
"scope": "gte",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.00"
},
{
"model": "dopsoft 2",
"scope": "lte",
"trust": 0.8,
"vendor": "delta",
"version": "2.00.07 and earlier"
},
{
"model": "dopsoft 2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "dopsoft",
"scope": null,
"trust": 0.7,
"vendor": "delta industrial automation",
"version": null
},
{
"model": "electronics dopsoft",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "2\u003c=2.00.07"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-960"
},
{
"db": "CNVD",
"id": "CNVD-2021-70155"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002380"
},
{
"db": "NVD",
"id": "CVE-2021-38406"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-960"
}
],
"trust": 0.7
},
"cve": "CVE-2021-38406",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-38406",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-70155",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-38406",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002380",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-38406",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-38406",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-38406",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002380",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-38406",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-70155",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-541",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-38406",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-960"
},
{
"db": "CNVD",
"id": "CNVD-2021-70155"
},
{
"db": "VULMON",
"id": "CVE-2021-38406"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002380"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-541"
},
{
"db": "NVD",
"id": "CVE-2021-38406"
},
{
"db": "NVD",
"id": "CVE-2021-38406"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. Delta Electronics Provided by the company DOPSoft 2 The following multiple vulnerabilities exist in. * Stack-based buffer overflow ( CWE-121 ) - CVE-2021-38402 \u2025 * Out-of-bounds writing ( CWE-787 ) - CVE-2021-38406 \u2025 * Heap-based buffer overflow ( CWE-122 ) - CVE-2021-38404When loading a specially crafted project file, malicious code is executed with the privileges of the process in which the product runs. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of XLS files. Delta Electronics DOPSoft is a set of Human-Machine Interface (HMI) software of Taiwan Delta Electronics (Delta Electronics). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38406"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002380"
},
{
"db": "ZDI",
"id": "ZDI-21-960"
},
{
"db": "CNVD",
"id": "CNVD-2021-70155"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-38406"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-38406",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-252-02",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU95804712",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002380",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-13127",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-21-960",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-70155",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091004",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3042",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-541",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-38406",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-960"
},
{
"db": "CNVD",
"id": "CNVD-2021-70155"
},
{
"db": "VULMON",
"id": "CVE-2021-38406"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002380"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-541"
},
{
"db": "NVD",
"id": "CVE-2021-38406"
}
]
},
"id": "VAR-202109-1255",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70155"
}
],
"trust": 1.5642857000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70155"
}
]
},
"last_update_date": "2024-08-14T12:24:55.079000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Contact\u00a0Us",
"trust": 0.8,
"url": "https://www.deltaww.com/en/customerService"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002380"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Heap-based buffer overflow (CWE-122) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002380"
},
{
"db": "NVD",
"id": "CVE-2021-38406"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95804712/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38406"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3042"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091004"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70155"
},
{
"db": "VULMON",
"id": "CVE-2021-38406"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002380"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-541"
},
{
"db": "NVD",
"id": "CVE-2021-38406"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-21-960"
},
{
"db": "CNVD",
"id": "CNVD-2021-70155"
},
{
"db": "VULMON",
"id": "CVE-2021-38406"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002380"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-541"
},
{
"db": "NVD",
"id": "CVE-2021-38406"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-09T00:00:00",
"db": "ZDI",
"id": "ZDI-21-960"
},
{
"date": "2021-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70155"
},
{
"date": "2021-09-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38406"
},
{
"date": "2021-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002380"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-541"
},
{
"date": "2021-09-17T19:15:08.710000",
"db": "NVD",
"id": "CVE-2021-38406"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-09T00:00:00",
"db": "ZDI",
"id": "ZDI-21-960"
},
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70155"
},
{
"date": "2021-10-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38406"
},
{
"date": "2021-09-13T06:46:00",
"db": "JVNDB",
"id": "JVNDB-2021-002380"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-541"
},
{
"date": "2021-10-04T18:13:12.250000",
"db": "NVD",
"id": "CVE-2021-38406"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-541"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics\u00a0 Made \u00a0DOPSoft\u00a02\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002380"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.