Type Confusion Remote Code Execution Vulnerability in Delta Electronics DRASimuCAD
CVE-2024-12836

Currently unrated

Key Information:

Vendor: Delta Electronics
Status: Drasimucad
Vendor: CVE Published:; 30 December 2024

Summary

A vulnerability affecting Delta Electronics DRASimuCAD arises from improper parsing of STP files, leading to a type confusion issue. This flaw allows remote attackers to execute arbitrary code if a user interacts with malicious content, such as visiting a compromised webpage or opening a crafted file. The vulnerability stems from insufficient validation of user-supplied data, which could lead to unwanted code execution in the context of the current process, thereby posing a significant risk to affected installations.

Affected Version(s)

DRASimuCAD 1.02

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1724/

x_research-advisory

Timeline

Vulnerability published
Dec 30, 2024