CVE-2024-39880

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01 Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:deltaww:cncsoft-g2:2.0.0.5:*:*:*:*:*:*:*

History

21 Nov 2024, 09:28

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01 - Third Party Advisory, US Government Resource () https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.8

29 Aug 2024, 17:38

Type Values Removed Values Added
First Time Deltaww cncsoft-g2
Deltaww
CWE CWE-787
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:deltaww:cncsoft-g2:2.0.0.5:*:*:*:*:*:*:*
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01 - Third Party Advisory, US Government Resource

11 Jul 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) Delta Electronics CNCSoft-G2 carece de una validación adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos en un búfer basado en pila de longitud fija. Si un objetivo visita una página maliciosa o abre un archivo malicioso, un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto del proceso actual.

10 Jul 2024, 00:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

09 Jul 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 22:15

Updated : 2024-11-21 09:28


NVD link : CVE-2024-39880

Mitre link : CVE-2024-39880

CVE.ORG link : CVE-2024-39880


JSON object : View

Products Affected

deltaww

  • cncsoft-g2
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write