Write-What-Where Vulnerability in Delta Electronics TPEditor Software
CVE-2020-16225

7.8HIGH

Key Information:

Vendor: Deltaww
Status: Delta Electronics Tpeditor
Vendor: CVE Published:; 7 August 2020

What is CVE-2020-16225?

A write-what-where condition has been identified in Delta Electronics TPEditor versions 1.97 and earlier. This vulnerability can be exploited by attackers through specially crafted project files, potentially allowing unauthorized access to sensitive information, modification of application data, execution of arbitrary code, or even application crashes. Organizations using affected versions should take prompt action to secure their systems and mitigate potential risks.

Affected Version(s)

Delta Electronics TPEditor TPEditor Versions 1.97 and prior

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-04

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-964/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2020
Vulnerability Reserved
Jul 31, 2020

CVE-2020-16225 Data

JSON

Deltaww

What is CVE-2020-16225?

Affected Version(s)

References

CVSS V3.1

Timeline