Out-of-Bounds Write Vulnerability in Delta Electronics CNCSoft-B Software
CVE-2020-27287

7.8HIGH

Key Information:

Vendor

Deltaww

Status
Delta Electronics
Vendor
CVE Published:
11 January 2021

What is CVE-2020-27287?

Delta Electronics CNCSoft-B, up to version 1.0.0.2, is susceptible to an out-of-bounds write vulnerability in the way it processes project files. This flaw potentially enables an attacker to execute arbitrary code, allowing for unauthorized actions within the system. This vulnerability highlights the need for timely software updates and rigorous security assessments to protect operational technology environments.

Affected Version(s)

Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-007-04
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-044/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-030/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.