Remote Code Execution Vulnerability in Delta Electronics DRASimuCAD
CVE-2024-12835

Currently unrated

Key Information:

Vendor: Delta Electronics
Status: Drasimucad
Vendor: CVE Published:; 30 December 2024

Summary

The vulnerability involves an Out-Of-Bounds Write flaw that occurs during the parsing of ICS files in Delta Electronics DRASimuCAD. It arises due to inadequate validation of user-supplied data, which can lead to a situation where an attacker is able to write beyond the allocated buffer. This can allow attackers to execute arbitrary code on systems running affected versions of the software, provided that the user interacts with a malicious page or opens a compromised file. The issue highlights significant security concerns for installations of DRASimuCAD that have not been updated to address this flaw. Proper security measures and prompt updates are essential to mitigate risks associated with this vulnerability.

Affected Version(s)

DRASimuCAD 1.02

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1723/

x_research-advisory

Timeline

Vulnerability published
Dec 30, 2024