Filtered by vendor Deltaww
Subscribe
Total
224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43819 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. | |||||
| CVE-2023-43818 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. | |||||
| CVE-2023-43817 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution. | |||||
| CVE-2023-43816 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution. | |||||
| CVE-2023-43815 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.1 HIGH |
| A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution. | |||||
| CVE-2023-39226 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. | |||||
| CVE-2023-34347 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 9.8 CRITICAL |
| ?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. | |||||
| CVE-2023-34316 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 6.5 MEDIUM |
| ?An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. | |||||
| CVE-2023-30765 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| ?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation. | |||||
| CVE-2023-25177 | 1 Deltaww | 1 Cncsoft-b | 2024-11-21 | N/A | 7.8 HIGH |
| Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2023-24014 | 1 Deltaww | 1 Cncsoft-b | 2024-11-21 | N/A | 7.8 HIGH |
| Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2023-1145 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 7.8 HIGH |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | |||||
| CVE-2023-1144 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation. | |||||
| CVE-2023-1143 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2023-1142 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 7.5 HIGH |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation. | |||||
| CVE-2023-1141 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. | |||||
| CVE-2023-1140 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 9.8 CRITICAL |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | |||||
| CVE-2023-1139 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | |||||
| CVE-2023-1138 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 7.5 HIGH |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. | |||||
| CVE-2023-1137 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 6.5 MEDIUM |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | |||||