Search criteria
44 vulnerabilities found for cncsoft-g2 by deltaww
VAR-202407-0233
Vulnerability from variot - Updated: 2025-12-22 23:55Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-0233",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": null,
"trust": 11.9,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.0.0.5"
},
{
"model": "electronics cncsoft-g2",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "2.0.0.5"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-944"
},
{
"db": "ZDI",
"id": "ZDI-24-943"
},
{
"db": "ZDI",
"id": "ZDI-24-940"
},
{
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"db": "ZDI",
"id": "ZDI-24-928"
},
{
"db": "ZDI",
"id": "ZDI-24-924"
},
{
"db": "ZDI",
"id": "ZDI-24-919"
},
{
"db": "ZDI",
"id": "ZDI-24-918"
},
{
"db": "ZDI",
"id": "ZDI-24-920"
},
{
"db": "CNVD",
"id": "CNVD-2024-32986"
},
{
"db": "NVD",
"id": "CVE-2024-39880"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natnael Samson (@NattiSamson)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"db": "ZDI",
"id": "ZDI-24-928"
},
{
"db": "ZDI",
"id": "ZDI-24-924"
},
{
"db": "ZDI",
"id": "ZDI-24-919"
},
{
"db": "ZDI",
"id": "ZDI-24-918"
},
{
"db": "ZDI",
"id": "ZDI-24-920"
}
],
"trust": 9.8
},
"cve": "CVE-2024-39880",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-32986",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-39880",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 11.9,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-39880",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-39880",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2024-39880",
"trust": 11.9,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-39880",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-39880",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-32986",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-944"
},
{
"db": "ZDI",
"id": "ZDI-24-943"
},
{
"db": "ZDI",
"id": "ZDI-24-940"
},
{
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"db": "ZDI",
"id": "ZDI-24-928"
},
{
"db": "ZDI",
"id": "ZDI-24-924"
},
{
"db": "ZDI",
"id": "ZDI-24-919"
},
{
"db": "ZDI",
"id": "ZDI-24-918"
},
{
"db": "ZDI",
"id": "ZDI-24-920"
},
{
"db": "CNVD",
"id": "CNVD-2024-32986"
},
{
"db": "NVD",
"id": "CVE-2024-39880"
},
{
"db": "NVD",
"id": "CVE-2024-39880"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-39880"
},
{
"db": "ZDI",
"id": "ZDI-24-943"
},
{
"db": "ZDI",
"id": "ZDI-24-920"
},
{
"db": "ZDI",
"id": "ZDI-24-918"
},
{
"db": "ZDI",
"id": "ZDI-24-919"
},
{
"db": "ZDI",
"id": "ZDI-24-924"
},
{
"db": "ZDI",
"id": "ZDI-24-928"
},
{
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"db": "ZDI",
"id": "ZDI-24-944"
},
{
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"db": "ZDI",
"id": "ZDI-24-940"
},
{
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"db": "CNVD",
"id": "CNVD-2024-32986"
}
],
"trust": 12.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-39880",
"trust": 13.5
},
{
"db": "ICS CERT",
"id": "ICSA-24-191-01",
"trust": 1.6
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23916",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-944",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23915",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-943",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23841",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-940",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23811",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-937",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23809",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-936",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23807",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-935",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23832",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-939",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23831",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-938",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23770",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-934",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23769",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-933",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23765",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-930",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23764",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-929",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23763",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-928",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23579",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-924",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23574",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-919",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23573",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-918",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23575",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-920",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-32986",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-944"
},
{
"db": "ZDI",
"id": "ZDI-24-943"
},
{
"db": "ZDI",
"id": "ZDI-24-940"
},
{
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"db": "ZDI",
"id": "ZDI-24-928"
},
{
"db": "ZDI",
"id": "ZDI-24-924"
},
{
"db": "ZDI",
"id": "ZDI-24-919"
},
{
"db": "ZDI",
"id": "ZDI-24-918"
},
{
"db": "ZDI",
"id": "ZDI-24-920"
},
{
"db": "CNVD",
"id": "CNVD-2024-32986"
},
{
"db": "NVD",
"id": "CVE-2024-39880"
}
]
},
"id": "VAR-202407-0233",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-32986"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-32986"
}
]
},
"last_update_date": "2025-12-22T23:55:32.693000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 11.9,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
},
{
"title": "Patch for Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2024-32986)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/571021"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-944"
},
{
"db": "ZDI",
"id": "ZDI-24-943"
},
{
"db": "ZDI",
"id": "ZDI-24-940"
},
{
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"db": "ZDI",
"id": "ZDI-24-928"
},
{
"db": "ZDI",
"id": "ZDI-24-924"
},
{
"db": "ZDI",
"id": "ZDI-24-919"
},
{
"db": "ZDI",
"id": "ZDI-24-918"
},
{
"db": "ZDI",
"id": "ZDI-24-920"
},
{
"db": "CNVD",
"id": "CNVD-2024-32986"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-39880"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 13.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-944"
},
{
"db": "ZDI",
"id": "ZDI-24-943"
},
{
"db": "ZDI",
"id": "ZDI-24-940"
},
{
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"db": "ZDI",
"id": "ZDI-24-928"
},
{
"db": "ZDI",
"id": "ZDI-24-924"
},
{
"db": "ZDI",
"id": "ZDI-24-919"
},
{
"db": "ZDI",
"id": "ZDI-24-918"
},
{
"db": "ZDI",
"id": "ZDI-24-920"
},
{
"db": "CNVD",
"id": "CNVD-2024-32986"
},
{
"db": "NVD",
"id": "CVE-2024-39880"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-944"
},
{
"db": "ZDI",
"id": "ZDI-24-943"
},
{
"db": "ZDI",
"id": "ZDI-24-940"
},
{
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"db": "ZDI",
"id": "ZDI-24-928"
},
{
"db": "ZDI",
"id": "ZDI-24-924"
},
{
"db": "ZDI",
"id": "ZDI-24-919"
},
{
"db": "ZDI",
"id": "ZDI-24-918"
},
{
"db": "ZDI",
"id": "ZDI-24-920"
},
{
"db": "CNVD",
"id": "CNVD-2024-32986"
},
{
"db": "NVD",
"id": "CVE-2024-39880"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-944"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-943"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-940"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-928"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-924"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-919"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-918"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-920"
},
{
"date": "2024-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-32986"
},
{
"date": "2024-07-09T22:15:02.740000",
"db": "NVD",
"id": "CVE-2024-39880"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-944"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-943"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-940"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-928"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-924"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-919"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-918"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-920"
},
{
"date": "2024-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-32986"
},
{
"date": "2024-08-29T17:38:18.727000",
"db": "NVD",
"id": "CVE-2024-39880"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-944"
},
{
"db": "ZDI",
"id": "ZDI-24-943"
},
{
"db": "ZDI",
"id": "ZDI-24-940"
},
{
"db": "ZDI",
"id": "ZDI-24-937"
},
{
"db": "ZDI",
"id": "ZDI-24-936"
},
{
"db": "ZDI",
"id": "ZDI-24-935"
},
{
"db": "ZDI",
"id": "ZDI-24-939"
},
{
"db": "ZDI",
"id": "ZDI-24-938"
},
{
"db": "ZDI",
"id": "ZDI-24-934"
},
{
"db": "ZDI",
"id": "ZDI-24-933"
},
{
"db": "ZDI",
"id": "ZDI-24-930"
},
{
"db": "ZDI",
"id": "ZDI-24-929"
},
{
"db": "ZDI",
"id": "ZDI-24-928"
}
],
"trust": 9.1
}
}
VAR-202509-3232
Vulnerability from variot - Updated: 2025-11-19 23:24Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPAX files in the DOPSoft component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
Delta Electronics CNCSoft-G2 suffers from a stack buffer overflow vulnerability due to improper memory buffer manipulation restrictions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202509-3232",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": null,
"trust": 1.5,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "lt",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.1.0.34"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "2.1.0.34"
},
{
"model": "electronics cncsoft-g2",
"scope": "lte",
"trust": 0.6,
"vendor": "delta",
"version": "\u003c=2.1.0.27"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-967"
},
{
"db": "CNVD",
"id": "CNVD-2025-22945"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014780"
},
{
"db": "NVD",
"id": "CVE-2025-58319"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natnael Samson (@NattiSamson)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-967"
}
],
"trust": 0.7
},
"cve": "CVE-2025-58319",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-22945",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-58319",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-014780",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-58319",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"id": "CVE-2025-58319",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-014780",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-58319",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-22945",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-967"
},
{
"db": "CNVD",
"id": "CNVD-2025-22945"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014780"
},
{
"db": "NVD",
"id": "CVE-2025-58319"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPAX files in the DOPSoft component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. \n\nDelta Electronics CNCSoft-G2 suffers from a stack buffer overflow vulnerability due to improper memory buffer manipulation restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-58319"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014780"
},
{
"db": "ZDI",
"id": "ZDI-25-967"
},
{
"db": "CNVD",
"id": "CNVD-2025-22945"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-58319",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014780",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25407",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-25-967",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-22945",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-967"
},
{
"db": "CNVD",
"id": "CNVD-2025-22945"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014780"
},
{
"db": "NVD",
"id": "CVE-2025-58319"
}
]
},
"id": "VAR-202509-3232",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-22945"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-22945"
}
]
},
"last_update_date": "2025-11-19T23:24:22.946000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00017_CNCSoft-G2_File%20Parsing%20Stack-based%20Buffer%20Overflow%20Vulnerability.pdf"
},
{
"title": "Patch for Delta Electronics CNCSoft-G2 Stack Buffer Overflow Vulnerability (CNVD-2025-22945)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/738696"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-967"
},
{
"db": "CNVD",
"id": "CNVD-2025-22945"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014780"
},
{
"db": "NVD",
"id": "CVE-2025-58319"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00017_cncsoft-g2_file%20parsing%20stack-based%20buffer%20overflow%20vulnerability.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-58319"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-967"
},
{
"db": "CNVD",
"id": "CNVD-2025-22945"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014780"
},
{
"db": "NVD",
"id": "CVE-2025-58319"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-967"
},
{
"db": "CNVD",
"id": "CNVD-2025-22945"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014780"
},
{
"db": "NVD",
"id": "CVE-2025-58319"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-27T00:00:00",
"db": "ZDI",
"id": "ZDI-25-967"
},
{
"date": "2025-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-22945"
},
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-014780"
},
{
"date": "2025-09-24T07:15:40.940000",
"db": "NVD",
"id": "CVE-2025-58319"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-27T00:00:00",
"db": "ZDI",
"id": "ZDI-25-967"
},
{
"date": "2025-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-22945"
},
{
"date": "2025-09-30T09:01:00",
"db": "JVNDB",
"id": "JVNDB-2025-014780"
},
{
"date": "2025-09-25T18:19:38.530000",
"db": "NVD",
"id": "CVE-2025-58319"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics,\u00a0INC.\u00a0 of \u00a0cncsoft-g2\u00a0 Stack-based buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014780"
}
],
"trust": 0.8
}
}
VAR-202506-0683
Vulnerability from variot - Updated: 2025-11-19 23:02Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2.
Delta Electronics CNCSoft-G2 V2.1.0.20 and earlier versions have a buffer overflow vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0683",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": null,
"trust": 2.2,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "lt",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.1.0.27"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "2.1.0.27"
},
{
"model": "electronics cncsoft-g2",
"scope": "lte",
"trust": 0.6,
"vendor": "delta",
"version": "\u003c=v2.1.0.20"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-411"
},
{
"db": "ZDI",
"id": "ZDI-25-985"
},
{
"db": "CNVD",
"id": "CNVD-2025-12362"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008952"
},
{
"db": "NVD",
"id": "CVE-2025-47728"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natnael Samson (@NattiSamson)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-411"
},
{
"db": "ZDI",
"id": "ZDI-25-985"
}
],
"trust": 1.4
},
"cve": "CVE-2025-47728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2025-12362",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-47728",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"id": "CVE-2025-47728",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-47728",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2025-47728",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-47728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"id": "CVE-2025-47728",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2025-47728",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12362",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-411"
},
{
"db": "ZDI",
"id": "ZDI-25-985"
},
{
"db": "CNVD",
"id": "CNVD-2025-12362"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008952"
},
{
"db": "NVD",
"id": "CVE-2025-47728"
},
{
"db": "NVD",
"id": "CVE-2025-47728"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. \n\nDelta Electronics CNCSoft-G2 V2.1.0.20 and earlier versions have a buffer overflow vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-47728"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008952"
},
{
"db": "ZDI",
"id": "ZDI-25-411"
},
{
"db": "ZDI",
"id": "ZDI-25-985"
},
{
"db": "CNVD",
"id": "CNVD-2025-12362"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-47728",
"trust": 4.6
},
{
"db": "JVN",
"id": "JVNVU95080112",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-240-04",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008952",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-26167",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-25-411",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-27323",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-25-985",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-12362",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-411"
},
{
"db": "ZDI",
"id": "ZDI-25-985"
},
{
"db": "CNVD",
"id": "CNVD-2025-12362"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008952"
},
{
"db": "NVD",
"id": "CVE-2025-47728"
}
]
},
"id": "VAR-202506-0683",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12362"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12362"
}
]
},
"last_update_date": "2025-11-19T23:02:39.200000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00007_CNCSoft-G2%20-%20File%20Parsing%20Memory%20Corruption.pdf"
},
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-04"
},
{
"title": "Patch for Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12362)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/697051"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-411"
},
{
"db": "ZDI",
"id": "ZDI-25-985"
},
{
"db": "CNVD",
"id": "CNVD-2025-12362"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008952"
},
{
"db": "NVD",
"id": "CVE-2025-47728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00007_cncsoft-g2%20-%20file%20parsing%20memory%20corruption.pdf"
},
{
"trust": 1.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-47728"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95080112/index.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-411"
},
{
"db": "ZDI",
"id": "ZDI-25-985"
},
{
"db": "CNVD",
"id": "CNVD-2025-12362"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008952"
},
{
"db": "NVD",
"id": "CVE-2025-47728"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-411"
},
{
"db": "ZDI",
"id": "ZDI-25-985"
},
{
"db": "CNVD",
"id": "CNVD-2025-12362"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008952"
},
{
"db": "NVD",
"id": "CVE-2025-47728"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-19T00:00:00",
"db": "ZDI",
"id": "ZDI-25-411"
},
{
"date": "2025-11-10T00:00:00",
"db": "ZDI",
"id": "ZDI-25-985"
},
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12362"
},
{
"date": "2025-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-008952"
},
{
"date": "2025-06-04T08:15:22.453000",
"db": "NVD",
"id": "CVE-2025-47728"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-19T00:00:00",
"db": "ZDI",
"id": "ZDI-25-411"
},
{
"date": "2025-11-10T00:00:00",
"db": "ZDI",
"id": "ZDI-25-985"
},
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12362"
},
{
"date": "2025-09-01T06:45:00",
"db": "JVNDB",
"id": "JVNDB-2025-008952"
},
{
"date": "2025-07-11T17:52:28.613000",
"db": "NVD",
"id": "CVE-2025-47728"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics,\u00a0INC.\u00a0 of \u00a0cncsoft-g2\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008952"
}
],
"trust": 0.8
}
}
VAR-202509-3422
Vulnerability from variot - Updated: 2025-10-10 23:43Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Delta Electronics CNCSoft-G2 suffers from a stack buffer overflow vulnerability due to improper memory buffer manipulation restrictions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202509-3422",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": "lt",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.1.0.34"
},
{
"model": "cncsoft-g2",
"scope": null,
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "2.1.0.34"
},
{
"model": "electronics cncsoft-g2",
"scope": "lte",
"trust": 0.6,
"vendor": "delta",
"version": "\u003c=2.1.0.27"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-22946"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015155"
},
{
"db": "NVD",
"id": "CVE-2025-58317"
}
]
},
"cve": "CVE-2025-58317",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-22946",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-58317",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-015155",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"id": "CVE-2025-58317",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-015155",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-22946",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-22946"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015155"
},
{
"db": "NVD",
"id": "CVE-2025-58317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\nDelta Electronics CNCSoft-G2 suffers from a stack buffer overflow vulnerability due to improper memory buffer manipulation restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-58317"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015155"
},
{
"db": "CNVD",
"id": "CNVD-2025-22946"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-58317",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015155",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-22946",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-22946"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015155"
},
{
"db": "NVD",
"id": "CVE-2025-58317"
}
]
},
"id": "VAR-202509-3422",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-22946"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-22946"
}
]
},
"last_update_date": "2025-10-10T23:43:17.121000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Delta Electronics CNCSoft-G2 Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/738701"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-22946"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015155"
},
{
"db": "NVD",
"id": "CVE-2025-58317"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00017_cncsoft-g2_file%20parsing%20stack-based%20buffer%20overflow%20vulnerability.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-58317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-22946"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015155"
},
{
"db": "NVD",
"id": "CVE-2025-58317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-22946"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015155"
},
{
"db": "NVD",
"id": "CVE-2025-58317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-22946"
},
{
"date": "2025-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-015155"
},
{
"date": "2025-09-24T07:15:40.597000",
"db": "NVD",
"id": "CVE-2025-58317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-22946"
},
{
"date": "2025-10-06T08:44:00",
"db": "JVNDB",
"id": "JVNDB-2025-015155"
},
{
"date": "2025-09-25T18:19:30.327000",
"db": "NVD",
"id": "CVE-2025-58317"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics,\u00a0INC.\u00a0 of \u00a0cncsoft-g2\u00a0 Stack-based buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015155"
}
],
"trust": 0.8
}
}
VAR-202502-0854
Vulnerability from variot - Updated: 2025-07-16 22:58Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in a heap-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-0854",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": null,
"trust": 1.5,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "lt",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.1.0.20"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "2.1.0.20"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "electronics cncsoft-g2",
"scope": "lt",
"trust": 0.6,
"vendor": "delta",
"version": "v2.1.0.20"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-098"
},
{
"db": "CNVD",
"id": "CNVD-2025-06657"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008836"
},
{
"db": "NVD",
"id": "CVE-2025-22880"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bobby Gould of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-098"
}
],
"trust": 0.7
},
"cve": "CVE-2025-22880",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-06657",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-22880",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-008836",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-22880",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"id": "CVE-2025-22880",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-008836",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-22880",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-06657",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-098"
},
{
"db": "CNVD",
"id": "CNVD-2025-06657"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008836"
},
{
"db": "NVD",
"id": "CVE-2025-22880"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in a heap-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-22880"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008836"
},
{
"db": "ZDI",
"id": "ZDI-25-098"
},
{
"db": "CNVD",
"id": "CNVD-2025-06657"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-22880",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-24-191-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94497573",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008836",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25300",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-25-098",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-06657",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-098"
},
{
"db": "CNVD",
"id": "CNVD-2025-06657"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008836"
},
{
"db": "NVD",
"id": "CVE-2025-22880"
}
]
},
"id": "VAR-202502-0854",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-06657"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-06657"
}
]
},
"last_update_date": "2025-07-16T22:58:59.324000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
},
{
"title": "Patch for Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-06657)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/676736"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-098"
},
{
"db": "CNVD",
"id": "CNVD-2025-06657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008836"
},
{
"db": "NVD",
"id": "CVE-2025-22880"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00002_cncsoft-g2%20-%20heap-based%20buffer%20overflow_v1.pdf"
},
{
"trust": 1.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94497573/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-22880"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-098"
},
{
"db": "CNVD",
"id": "CNVD-2025-06657"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008836"
},
{
"db": "NVD",
"id": "CVE-2025-22880"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-098"
},
{
"db": "CNVD",
"id": "CNVD-2025-06657"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008836"
},
{
"db": "NVD",
"id": "CVE-2025-22880"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-25T00:00:00",
"db": "ZDI",
"id": "ZDI-25-098"
},
{
"date": "2025-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-06657"
},
{
"date": "2025-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-008836"
},
{
"date": "2025-02-07T08:15:28.737000",
"db": "NVD",
"id": "CVE-2025-22880"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-25T00:00:00",
"db": "ZDI",
"id": "ZDI-25-098"
},
{
"date": "2025-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-06657"
},
{
"date": "2025-07-15T01:16:00",
"db": "JVNDB",
"id": "JVNDB-2025-008836"
},
{
"date": "2025-07-11T17:49:00.267000",
"db": "NVD",
"id": "CVE-2025-22880"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics,\u00a0INC.\u00a0 of \u00a0cncsoft-g2\u00a0 Heap-based buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008836"
}
],
"trust": 0.8
}
}
VAR-202502-2329
Vulnerability from variot - Updated: 2025-07-12 23:14Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-2329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": "lt",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.1.0.20"
},
{
"model": "electronics cncsoft-g2",
"scope": null,
"trust": 0.6,
"vendor": "delta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12364"
},
{
"db": "NVD",
"id": "CVE-2025-22881"
}
]
},
"cve": "CVE-2025-22881",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-12364",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-22881",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-22881",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"id": "CVE-2025-22881",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12364",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12364"
},
{
"db": "NVD",
"id": "CVE-2025-22881"
},
{
"db": "NVD",
"id": "CVE-2025-22881"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-22881"
},
{
"db": "CNVD",
"id": "CNVD-2025-12364"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-22881",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-12364",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12364"
},
{
"db": "NVD",
"id": "CVE-2025-22881"
}
]
},
"id": "VAR-202502-2329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12364"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12364"
}
]
},
"last_update_date": "2025-07-12T23:14:25.942000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/697096"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12364"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-22881"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00003_cncsoft-g2%20-%20heap-based%20buffer%20overflow_v1.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12364"
},
{
"db": "NVD",
"id": "CVE-2025-22881"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12364"
},
{
"db": "NVD",
"id": "CVE-2025-22881"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12364"
},
{
"date": "2025-02-26T08:14:25.137000",
"db": "NVD",
"id": "CVE-2025-22881"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12364"
},
{
"date": "2025-07-11T17:49:26.300000",
"db": "NVD",
"id": "CVE-2025-22881"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12364"
}
],
"trust": 0.6
}
}
VAR-202407-0235
Vulnerability from variot - Updated: 2025-02-27 02:48Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Provided by CNCSoft-G2 The following multiple vulnerabilities exist in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-0235",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": null,
"trust": 2.2,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.0.0.5"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "2.0.0.5"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "electronics cncsoft-g2",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "2.0.0.5"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"db": "ZDI",
"id": "ZDI-24-942"
},
{
"db": "CNVD",
"id": "CNVD-2024-32989"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006906"
},
{
"db": "NVD",
"id": "CVE-2024-39882"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"db": "ZDI",
"id": "ZDI-24-942"
}
],
"trust": 1.4
},
"cve": "CVE-2024-39882",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-32989",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-39882",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-39882",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-39882",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2024-39882",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-39882",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-39882",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-39882",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-32989",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"db": "ZDI",
"id": "ZDI-24-942"
},
{
"db": "CNVD",
"id": "CNVD-2024-32989"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006906"
},
{
"db": "NVD",
"id": "CVE-2024-39882"
},
{
"db": "NVD",
"id": "CVE-2024-39882"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. Delta Electronics Provided by CNCSoft-G2 The following multiple vulnerabilities exist in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-39882"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006906"
},
{
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"db": "ZDI",
"id": "ZDI-24-942"
},
{
"db": "CNVD",
"id": "CNVD-2024-32989"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-39882",
"trust": 4.6
},
{
"db": "ICS CERT",
"id": "ICSA-24-191-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU94497573",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006906",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23920",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-948",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23914",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-942",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-32989",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"db": "ZDI",
"id": "ZDI-24-942"
},
{
"db": "CNVD",
"id": "CNVD-2024-32989"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006906"
},
{
"db": "NVD",
"id": "CVE-2024-39882"
}
]
},
"id": "VAR-202407-0235",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-32989"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-32989"
}
]
},
"last_update_date": "2025-02-27T02:48:09.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
},
{
"title": "Patch for Delta Electronics CNCSoft-G2 Out-of-Bounds Read Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/571006"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"db": "ZDI",
"id": "ZDI-24-942"
},
{
"db": "CNVD",
"id": "CNVD-2024-32989"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-006906"
},
{
"db": "NVD",
"id": "CVE-2024-39882"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94497573/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-39882"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"db": "ZDI",
"id": "ZDI-24-942"
},
{
"db": "CNVD",
"id": "CNVD-2024-32989"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006906"
},
{
"db": "NVD",
"id": "CVE-2024-39882"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"db": "ZDI",
"id": "ZDI-24-942"
},
{
"db": "CNVD",
"id": "CNVD-2024-32989"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006906"
},
{
"db": "NVD",
"id": "CVE-2024-39882"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"date": "2024-07-22T00:00:00",
"db": "ZDI",
"id": "ZDI-24-942"
},
{
"date": "2024-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-32989"
},
{
"date": "2024-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-006906"
},
{
"date": "2024-07-09T22:15:03.013000",
"db": "NVD",
"id": "CVE-2024-39882"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-942"
},
{
"date": "2024-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-32989"
},
{
"date": "2025-02-25T07:02:00",
"db": "JVNDB",
"id": "JVNDB-2024-006906"
},
{
"date": "2024-08-29T17:34:50.673000",
"db": "NVD",
"id": "CVE-2024-39882"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-948"
},
{
"db": "ZDI",
"id": "ZDI-24-942"
}
],
"trust": 1.4
}
}
VAR-202410-0262
Vulnerability from variot - Updated: 2024-12-13 23:05Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0262",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": null,
"trust": 2.2,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.1.0.10"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "2.1.0.10"
},
{
"model": "electronics cncsoft-g2",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "2.1.0.10"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1399"
},
{
"db": "ZDI",
"id": "ZDI-24-1656"
},
{
"db": "CNVD",
"id": "CNVD-2024-40829"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010605"
},
{
"db": "NVD",
"id": "CVE-2024-47964"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1399"
}
],
"trust": 0.7
},
"cve": "CVE-2024-47964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-40829",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-47964",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-47964",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-47964",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2024-47964",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-47964",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-47964",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-47964",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-40829",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1399"
},
{
"db": "ZDI",
"id": "ZDI-24-1656"
},
{
"db": "CNVD",
"id": "CNVD-2024-40829"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010605"
},
{
"db": "NVD",
"id": "CVE-2024-47964"
},
{
"db": "NVD",
"id": "CVE-2024-47964"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47964"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010605"
},
{
"db": "ZDI",
"id": "ZDI-24-1399"
},
{
"db": "ZDI",
"id": "ZDI-24-1656"
},
{
"db": "CNVD",
"id": "CNVD-2024-40829"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-47964",
"trust": 4.6
},
{
"db": "ICS CERT",
"id": "ICSA-24-284-21",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU90166601",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010605",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25037",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1399",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25292",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1656",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-40829",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1399"
},
{
"db": "ZDI",
"id": "ZDI-24-1656"
},
{
"db": "CNVD",
"id": "CNVD-2024-40829"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010605"
},
{
"db": "NVD",
"id": "CVE-2024-47964"
}
]
},
"id": "VAR-202410-0262",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40829"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40829"
}
]
},
"last_update_date": "2024-12-13T23:05:13.078000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
},
{
"title": "Patch for Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2024-40829)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/599661"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1399"
},
{
"db": "ZDI",
"id": "ZDI-24-1656"
},
{
"db": "CNVD",
"id": "CNVD-2024-40829"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010605"
},
{
"db": "NVD",
"id": "CVE-2024-47964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90166601/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-47964"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2024-47964/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1399"
},
{
"db": "ZDI",
"id": "ZDI-24-1656"
},
{
"db": "CNVD",
"id": "CNVD-2024-40829"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010605"
},
{
"db": "NVD",
"id": "CVE-2024-47964"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1399"
},
{
"db": "ZDI",
"id": "ZDI-24-1656"
},
{
"db": "CNVD",
"id": "CNVD-2024-40829"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010605"
},
{
"db": "NVD",
"id": "CVE-2024-47964"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1399"
},
{
"date": "2024-12-11T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1656"
},
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40829"
},
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010605"
},
{
"date": "2024-10-10T18:15:08.470000",
"db": "NVD",
"id": "CVE-2024-47964"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1399"
},
{
"date": "2024-12-11T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1656"
},
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40829"
},
{
"date": "2024-10-18T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2024-010605"
},
{
"date": "2024-10-17T14:37:25.183000",
"db": "NVD",
"id": "CVE-2024-47964"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1399"
},
{
"db": "ZDI",
"id": "ZDI-24-1656"
}
],
"trust": 1.4
}
}
VAR-202410-0261
Vulnerability from variot - Updated: 2024-10-24 22:50Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in the use of uninitialized resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": null,
"trust": 1.5,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.1.0.10"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "2.1.0.10"
},
{
"model": "electronics cncsoft-g2",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "2.1.0.10"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1411"
},
{
"db": "CNVD",
"id": "CNVD-2024-40828"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010632"
},
{
"db": "NVD",
"id": "CVE-2024-47966"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1411"
}
],
"trust": 0.7
},
"cve": "CVE-2024-47966",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-40828",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-47966",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-47966",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-47966",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-47966",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-47966",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-47966",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-47966",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2024-40828",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1411"
},
{
"db": "CNVD",
"id": "CNVD-2024-40828"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010632"
},
{
"db": "NVD",
"id": "CVE-2024-47966"
},
{
"db": "NVD",
"id": "CVE-2024-47966"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in the use of uninitialized resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47966"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010632"
},
{
"db": "ZDI",
"id": "ZDI-24-1411"
},
{
"db": "CNVD",
"id": "CNVD-2024-40828"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-47966",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-24-284-21",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU90166601",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010632",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24765",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1411",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-40828",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1411"
},
{
"db": "CNVD",
"id": "CNVD-2024-40828"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010632"
},
{
"db": "NVD",
"id": "CVE-2024-47966"
}
]
},
"id": "VAR-202410-0261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40828"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40828"
}
]
},
"last_update_date": "2024-10-24T22:50:44.898000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
},
{
"title": "Patch for Delta Electronics CNCSoft-G2 Uninitialized Variable Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/599666"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1411"
},
{
"db": "CNVD",
"id": "CNVD-2024-40828"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-908",
"trust": 1.0
},
{
"problemtype": "CWE-457",
"trust": 1.0
},
{
"problemtype": "Using uninitialized variables (CWE-457) [ others ]",
"trust": 0.8
},
{
"problemtype": " Use of uninitialized resources (CWE-908) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010632"
},
{
"db": "NVD",
"id": "CVE-2024-47966"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90166601/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-47966"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2024-47966/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1411"
},
{
"db": "CNVD",
"id": "CNVD-2024-40828"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010632"
},
{
"db": "NVD",
"id": "CVE-2024-47966"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1411"
},
{
"db": "CNVD",
"id": "CNVD-2024-40828"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010632"
},
{
"db": "NVD",
"id": "CVE-2024-47966"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1411"
},
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40828"
},
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010632"
},
{
"date": "2024-10-10T18:15:08.710000",
"db": "NVD",
"id": "CVE-2024-47966"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1411"
},
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40828"
},
{
"date": "2024-10-18T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2024-010632"
},
{
"date": "2024-10-17T14:36:15.057000",
"db": "NVD",
"id": "CVE-2024-47966"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics,\u00a0INC.\u00a0 of \u00a0cncsoft-g2\u00a0 Vulnerability in using uninitialized resources in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010632"
}
],
"trust": 0.8
}
}
VAR-202410-0259
Vulnerability from variot - Updated: 2024-10-24 22:50Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": null,
"trust": 8.5,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.1.0.10"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "2.1.0.10"
},
{
"model": "electronics cncsoft-g2",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "2.1.0.10"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1409"
},
{
"db": "ZDI",
"id": "ZDI-24-1408"
},
{
"db": "ZDI",
"id": "ZDI-24-1403"
},
{
"db": "ZDI",
"id": "ZDI-24-1400"
},
{
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"db": "ZDI",
"id": "ZDI-24-1392"
},
{
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"db": "ZDI",
"id": "ZDI-24-1384"
},
{
"db": "CNVD",
"id": "CNVD-2024-40830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010833"
},
{
"db": "NVD",
"id": "CVE-2024-47963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1400"
},
{
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"db": "ZDI",
"id": "ZDI-24-1392"
},
{
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"db": "ZDI",
"id": "ZDI-24-1384"
}
],
"trust": 5.6
},
"cve": "CVE-2024-47963",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-40830",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-47963",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 7.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-47963",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-47963",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2024-47963",
"trust": 7.7,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-47963",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-47963",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-47963",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-40830",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1409"
},
{
"db": "ZDI",
"id": "ZDI-24-1408"
},
{
"db": "ZDI",
"id": "ZDI-24-1403"
},
{
"db": "ZDI",
"id": "ZDI-24-1400"
},
{
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"db": "ZDI",
"id": "ZDI-24-1392"
},
{
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"db": "ZDI",
"id": "ZDI-24-1384"
},
{
"db": "CNVD",
"id": "CNVD-2024-40830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010833"
},
{
"db": "NVD",
"id": "CVE-2024-47963"
},
{
"db": "NVD",
"id": "CVE-2024-47963"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47963"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010833"
},
{
"db": "ZDI",
"id": "ZDI-24-1409"
},
{
"db": "ZDI",
"id": "ZDI-24-1408"
},
{
"db": "ZDI",
"id": "ZDI-24-1403"
},
{
"db": "ZDI",
"id": "ZDI-24-1400"
},
{
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"db": "ZDI",
"id": "ZDI-24-1392"
},
{
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"db": "ZDI",
"id": "ZDI-24-1384"
},
{
"db": "CNVD",
"id": "CNVD-2024-40830"
}
],
"trust": 9.09
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-47963",
"trust": 10.9
},
{
"db": "ICS CERT",
"id": "ICSA-24-284-21",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU90166601",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010833",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24199",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1409",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24197",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1408",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25270",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1403",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25034",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1400",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24826",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1394",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24829",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1393",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24910",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1392",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24971",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1391",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24825",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1386",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24827",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1385",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24828",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1384",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-40830",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1409"
},
{
"db": "ZDI",
"id": "ZDI-24-1408"
},
{
"db": "ZDI",
"id": "ZDI-24-1403"
},
{
"db": "ZDI",
"id": "ZDI-24-1400"
},
{
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"db": "ZDI",
"id": "ZDI-24-1392"
},
{
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"db": "ZDI",
"id": "ZDI-24-1384"
},
{
"db": "CNVD",
"id": "CNVD-2024-40830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010833"
},
{
"db": "NVD",
"id": "CVE-2024-47963"
}
]
},
"id": "VAR-202410-0259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40830"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40830"
}
]
},
"last_update_date": "2024-10-24T22:50:44.828000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 7.7,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
},
{
"title": "Patch for Delta Electronics CNCSoft-G2 Out-of-Bounds Write Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/599656"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1409"
},
{
"db": "ZDI",
"id": "ZDI-24-1408"
},
{
"db": "ZDI",
"id": "ZDI-24-1403"
},
{
"db": "ZDI",
"id": "ZDI-24-1400"
},
{
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"db": "ZDI",
"id": "ZDI-24-1392"
},
{
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"db": "ZDI",
"id": "ZDI-24-1384"
},
{
"db": "CNVD",
"id": "CNVD-2024-40830"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010833"
},
{
"db": "NVD",
"id": "CVE-2024-47963"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 9.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90166601/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-47963"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2024-47963/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1409"
},
{
"db": "ZDI",
"id": "ZDI-24-1408"
},
{
"db": "ZDI",
"id": "ZDI-24-1403"
},
{
"db": "ZDI",
"id": "ZDI-24-1400"
},
{
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"db": "ZDI",
"id": "ZDI-24-1392"
},
{
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"db": "ZDI",
"id": "ZDI-24-1384"
},
{
"db": "CNVD",
"id": "CNVD-2024-40830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010833"
},
{
"db": "NVD",
"id": "CVE-2024-47963"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1409"
},
{
"db": "ZDI",
"id": "ZDI-24-1408"
},
{
"db": "ZDI",
"id": "ZDI-24-1403"
},
{
"db": "ZDI",
"id": "ZDI-24-1400"
},
{
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"db": "ZDI",
"id": "ZDI-24-1392"
},
{
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"db": "ZDI",
"id": "ZDI-24-1384"
},
{
"db": "CNVD",
"id": "CNVD-2024-40830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010833"
},
{
"db": "NVD",
"id": "CVE-2024-47963"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1409"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1408"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1403"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1400"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1392"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1384"
},
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40830"
},
{
"date": "2024-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010833"
},
{
"date": "2024-10-10T18:15:08.330000",
"db": "NVD",
"id": "CVE-2024-47963"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1409"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1408"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1403"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1400"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1392"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1384"
},
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40830"
},
{
"date": "2024-10-22T07:28:00",
"db": "JVNDB",
"id": "JVNDB-2024-010833"
},
{
"date": "2024-10-17T14:37:38.160000",
"db": "NVD",
"id": "CVE-2024-47963"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1409"
},
{
"db": "ZDI",
"id": "ZDI-24-1408"
},
{
"db": "ZDI",
"id": "ZDI-24-1394"
},
{
"db": "ZDI",
"id": "ZDI-24-1393"
},
{
"db": "ZDI",
"id": "ZDI-24-1391"
},
{
"db": "ZDI",
"id": "ZDI-24-1386"
},
{
"db": "ZDI",
"id": "ZDI-24-1385"
},
{
"db": "ZDI",
"id": "ZDI-24-1384"
}
],
"trust": 5.6
}
}
VAR-202410-0260
Vulnerability from variot - Updated: 2024-10-23 22:45Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0260",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": null,
"trust": 9.9,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.1.0.10"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "2.1.0.10"
},
{
"model": "electronics cncsoft-g2",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "2.1.0.10"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"db": "ZDI",
"id": "ZDI-24-1405"
},
{
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"db": "ZDI",
"id": "ZDI-24-1402"
},
{
"db": "ZDI",
"id": "ZDI-24-1401"
},
{
"db": "ZDI",
"id": "ZDI-24-1398"
},
{
"db": "ZDI",
"id": "ZDI-24-1397"
},
{
"db": "ZDI",
"id": "ZDI-24-1396"
},
{
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"db": "ZDI",
"id": "ZDI-24-1389"
},
{
"db": "CNVD",
"id": "CNVD-2024-40831"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010520"
},
{
"db": "NVD",
"id": "CVE-2024-47962"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natnael Samson (@NattiSamson)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"db": "ZDI",
"id": "ZDI-24-1405"
},
{
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"db": "ZDI",
"id": "ZDI-24-1402"
},
{
"db": "ZDI",
"id": "ZDI-24-1401"
},
{
"db": "ZDI",
"id": "ZDI-24-1398"
},
{
"db": "ZDI",
"id": "ZDI-24-1397"
},
{
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"db": "ZDI",
"id": "ZDI-24-1389"
}
],
"trust": 8.4
},
"cve": "CVE-2024-47962",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-40831",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-47962",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 9.1,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-47962",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-47962",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2024-47962",
"trust": 9.1,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-47962",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-47962",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-47962",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-40831",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"db": "ZDI",
"id": "ZDI-24-1405"
},
{
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"db": "ZDI",
"id": "ZDI-24-1402"
},
{
"db": "ZDI",
"id": "ZDI-24-1401"
},
{
"db": "ZDI",
"id": "ZDI-24-1398"
},
{
"db": "ZDI",
"id": "ZDI-24-1397"
},
{
"db": "ZDI",
"id": "ZDI-24-1396"
},
{
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"db": "ZDI",
"id": "ZDI-24-1389"
},
{
"db": "CNVD",
"id": "CNVD-2024-40831"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010520"
},
{
"db": "NVD",
"id": "CVE-2024-47962"
},
{
"db": "NVD",
"id": "CVE-2024-47962"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47962"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010520"
},
{
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"db": "ZDI",
"id": "ZDI-24-1405"
},
{
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"db": "ZDI",
"id": "ZDI-24-1402"
},
{
"db": "ZDI",
"id": "ZDI-24-1401"
},
{
"db": "ZDI",
"id": "ZDI-24-1398"
},
{
"db": "ZDI",
"id": "ZDI-24-1397"
},
{
"db": "ZDI",
"id": "ZDI-24-1396"
},
{
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"db": "ZDI",
"id": "ZDI-24-1389"
},
{
"db": "CNVD",
"id": "CNVD-2024-40831"
}
],
"trust": 10.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-47962",
"trust": 12.3
},
{
"db": "ICS CERT",
"id": "ICSA-24-284-21",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010520",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24200",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1410",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24196",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1407",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24202",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1406",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24201",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1405",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23768",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1404",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25055",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1402",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25056",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1401",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24788",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1398",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24790",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1397",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24994",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1396",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24758",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1395",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24363",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1390",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24358",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1389",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-40831",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"db": "ZDI",
"id": "ZDI-24-1405"
},
{
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"db": "ZDI",
"id": "ZDI-24-1402"
},
{
"db": "ZDI",
"id": "ZDI-24-1401"
},
{
"db": "ZDI",
"id": "ZDI-24-1398"
},
{
"db": "ZDI",
"id": "ZDI-24-1397"
},
{
"db": "ZDI",
"id": "ZDI-24-1396"
},
{
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"db": "ZDI",
"id": "ZDI-24-1389"
},
{
"db": "CNVD",
"id": "CNVD-2024-40831"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010520"
},
{
"db": "NVD",
"id": "CVE-2024-47962"
}
]
},
"id": "VAR-202410-0260",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40831"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40831"
}
]
},
"last_update_date": "2024-10-23T22:45:45.163000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 9.1,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
},
{
"title": "Patch for Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2024-40831)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/599651"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"db": "ZDI",
"id": "ZDI-24-1405"
},
{
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"db": "ZDI",
"id": "ZDI-24-1402"
},
{
"db": "ZDI",
"id": "ZDI-24-1401"
},
{
"db": "ZDI",
"id": "ZDI-24-1398"
},
{
"db": "ZDI",
"id": "ZDI-24-1397"
},
{
"db": "ZDI",
"id": "ZDI-24-1396"
},
{
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"db": "ZDI",
"id": "ZDI-24-1389"
},
{
"db": "CNVD",
"id": "CNVD-2024-40831"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010520"
},
{
"db": "NVD",
"id": "CVE-2024-47962"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 10.9,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-47962"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2024-47962/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"db": "ZDI",
"id": "ZDI-24-1405"
},
{
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"db": "ZDI",
"id": "ZDI-24-1402"
},
{
"db": "ZDI",
"id": "ZDI-24-1401"
},
{
"db": "ZDI",
"id": "ZDI-24-1398"
},
{
"db": "ZDI",
"id": "ZDI-24-1397"
},
{
"db": "ZDI",
"id": "ZDI-24-1396"
},
{
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"db": "ZDI",
"id": "ZDI-24-1389"
},
{
"db": "CNVD",
"id": "CNVD-2024-40831"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010520"
},
{
"db": "NVD",
"id": "CVE-2024-47962"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"db": "ZDI",
"id": "ZDI-24-1405"
},
{
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"db": "ZDI",
"id": "ZDI-24-1402"
},
{
"db": "ZDI",
"id": "ZDI-24-1401"
},
{
"db": "ZDI",
"id": "ZDI-24-1398"
},
{
"db": "ZDI",
"id": "ZDI-24-1397"
},
{
"db": "ZDI",
"id": "ZDI-24-1396"
},
{
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"db": "ZDI",
"id": "ZDI-24-1389"
},
{
"db": "CNVD",
"id": "CNVD-2024-40831"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010520"
},
{
"db": "NVD",
"id": "CVE-2024-47962"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1405"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1402"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1401"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1398"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1397"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1396"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1389"
},
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40831"
},
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010520"
},
{
"date": "2024-10-10T18:15:08.183000",
"db": "NVD",
"id": "CVE-2024-47962"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1405"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1402"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1401"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1398"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1397"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1396"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1389"
},
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40831"
},
{
"date": "2024-10-18T01:37:00",
"db": "JVNDB",
"id": "JVNDB-2024-010520"
},
{
"date": "2024-10-17T14:37:59.900000",
"db": "NVD",
"id": "CVE-2024-47962"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1410"
},
{
"db": "ZDI",
"id": "ZDI-24-1407"
},
{
"db": "ZDI",
"id": "ZDI-24-1406"
},
{
"db": "ZDI",
"id": "ZDI-24-1404"
},
{
"db": "ZDI",
"id": "ZDI-24-1396"
},
{
"db": "ZDI",
"id": "ZDI-24-1395"
},
{
"db": "ZDI",
"id": "ZDI-24-1390"
},
{
"db": "ZDI",
"id": "ZDI-24-1389"
}
],
"trust": 5.6
}
}
VAR-202410-0263
Vulnerability from variot - Updated: 2024-10-23 22:45Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cncsoft-g2",
"scope": null,
"trust": 1.5,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 1.0,
"vendor": "deltaww",
"version": "2.1.0.10"
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": null
},
{
"model": "cncsoft-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "delta",
"version": "2.1.0.10"
},
{
"model": "electronics cncsoft-g2",
"scope": "eq",
"trust": 0.6,
"vendor": "delta",
"version": "2.1.0.10"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1388"
},
{
"db": "CNVD",
"id": "CNVD-2024-40832"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010571"
},
{
"db": "NVD",
"id": "CVE-2024-47965"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1388"
}
],
"trust": 0.7
},
"cve": "CVE-2024-47965",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-40832",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-47965",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-47965",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-47965",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-47965",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-47965",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-47965",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-47965",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2024-40832",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1388"
},
{
"db": "CNVD",
"id": "CNVD-2024-40832"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010571"
},
{
"db": "NVD",
"id": "CVE-2024-47965"
},
{
"db": "NVD",
"id": "CVE-2024-47965"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. Delta Electronics, INC. of cncsoft-g2 Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47965"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010571"
},
{
"db": "ZDI",
"id": "ZDI-24-1388"
},
{
"db": "CNVD",
"id": "CNVD-2024-40832"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-47965",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-24-284-21",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU90166601",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010571",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24766",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1388",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-40832",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1388"
},
{
"db": "CNVD",
"id": "CNVD-2024-40832"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010571"
},
{
"db": "NVD",
"id": "CVE-2024-47965"
}
]
},
"id": "VAR-202410-0263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40832"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40832"
}
]
},
"last_update_date": "2024-10-23T22:45:45.101000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Delta Electronics has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
},
{
"title": "Patch for Delta Electronics CNCSoft-G2 Out-of-Bounds Read Vulnerability (CNVD-2024-40832)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/599646"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1388"
},
{
"db": "CNVD",
"id": "CNVD-2024-40832"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010571"
},
{
"db": "NVD",
"id": "CVE-2024-47965"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90166601/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-47965"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2024-47965/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1388"
},
{
"db": "CNVD",
"id": "CNVD-2024-40832"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010571"
},
{
"db": "NVD",
"id": "CVE-2024-47965"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1388"
},
{
"db": "CNVD",
"id": "CNVD-2024-40832"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010571"
},
{
"db": "NVD",
"id": "CVE-2024-47965"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1388"
},
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40832"
},
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010571"
},
{
"date": "2024-10-10T18:15:08.587000",
"db": "NVD",
"id": "CVE-2024-47965"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1388"
},
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40832"
},
{
"date": "2024-10-18T03:41:00",
"db": "JVNDB",
"id": "JVNDB-2024-010571"
},
{
"date": "2024-10-17T14:36:54.353000",
"db": "NVD",
"id": "CVE-2024-47965"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Delta\u00a0Electronics,\u00a0INC.\u00a0 of \u00a0cncsoft-g2\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010571"
}
],
"trust": 0.8
}
}
CVE-2025-58319 (GCVE-0-2025-58319)
Vulnerability from nvd – Published: 2025-09-24 06:42 – Updated: 2025-09-24 13:10
VLAI?
Title
File Parsing Memory Corruption in CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
0 , < 2.1.0.34
(custom)
|
Credits
Jessie Cooper of CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:09:42.496667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:10:05.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "2.1.0.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "Jessie Cooper of CISA"
}
],
"datePublic": "2025-09-24T06:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003eDelta Electronics CNCSoft-G2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T06:42:08.525Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00017_CNCSoft-G2_File%20Parsing%20Stack-based%20Buffer%20Overflow%20Vulnerability.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download and update to: v2.1.0.34 or later\u003cbr\u003e"
}
],
"value": "Download and update to: v2.1.0.34 or later"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"title": "File Parsing Memory Corruption in CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-58319",
"datePublished": "2025-09-24T06:42:08.525Z",
"dateReserved": "2025-08-28T06:15:58.626Z",
"dateUpdated": "2025-09-24T13:10:05.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58317 (GCVE-0-2025-58317)
Vulnerability from nvd – Published: 2025-09-24 06:38 – Updated: 2025-09-24 13:13
VLAI?
Title
File Parsing Memory Corruption in CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
0 , < 2.1.0.34
(custom)
|
Credits
Natnael Samson working with Trend Micro Zero Day Initiative
Jason Forbush of CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:13:22.686691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:13:34.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "2.1.0.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Natnael Samson working with Trend Micro Zero Day Initiative"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jason Forbush of CISA"
}
],
"datePublic": "2025-09-24T06:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003eDelta Electronics CNCSoft-G2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T06:38:43.161Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00017_CNCSoft-G2_File%20Parsing%20Stack-based%20Buffer%20Overflow%20Vulnerability.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download and update to: v2.1.0.34 or later\u003cbr\u003e"
}
],
"value": "Download and update to: v2.1.0.34 or later"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"title": "File Parsing Memory Corruption in CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-58317",
"datePublished": "2025-09-24T06:38:43.161Z",
"dateReserved": "2025-08-28T06:15:58.626Z",
"dateUpdated": "2025-09-24T13:13:34.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47728 (GCVE-0-2025-47728)
Vulnerability from nvd – Published: 2025-06-04 08:11 – Updated: 2025-08-27 01:03
VLAI?
Title
File Parsing Memory Corruption in CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
0 , < 2.1.0.27
(custom)
|
Credits
Kholoud Altookhy from Trend Micro's Zero Day Initiative
Jason Forbush of CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T13:26:47.796513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:26:55.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "2.1.0.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kholoud Altookhy from Trend Micro\u0027s Zero Day Initiative"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jason Forbush of CISA"
}
],
"datePublic": "2025-06-04T08:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003eDelta Electronics CNCSoft-G2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T01:03:04.682Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00007_CNCSoft-G2%20-%20File%20Parsing%20Memory%20Corruption.pdf"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"title": "File Parsing Memory Corruption in CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-47728",
"datePublished": "2025-06-04T08:11:06.007Z",
"dateReserved": "2025-05-08T08:08:01.077Z",
"dateUpdated": "2025-08-27T01:03:04.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22881 (GCVE-0-2025-22881)
Vulnerability from nvd – Published: 2025-02-26 01:44 – Updated: 2025-02-26 15:43
VLAI?
Title
Heap-based Buffer Overflow in CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
0 , ≤ 2.1.0.10
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:49:19.074255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:43:08.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"lessThanOrEqual": "2.1.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-02-26T01:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T01:44:17.551Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00003_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v1.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=cncsoft\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 V2.1.0.20\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 V2.1.0.20 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-22881",
"datePublished": "2025-02-26T01:44:17.551Z",
"dateReserved": "2025-01-09T03:48:26.774Z",
"dateUpdated": "2025-02-26T15:43:08.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22880 (GCVE-0-2025-22880)
Vulnerability from nvd – Published: 2025-02-07 07:26 – Updated: 2025-02-07 15:54
VLAI?
Title
Heap-based Buffer Overflow in CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
0 , < 2.1.0.20
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:49:27.000208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:54:27.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "2.1.0.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-02-07T07:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T07:26:04.691Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v1.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=cncsoft\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 V2.1.0.20\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 V2.1.0.20 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-28T06:24:00.000Z",
"value": "Reported"
},
{
"lang": "en",
"time": "2024-12-04T06:26:00.000Z",
"value": "New patch (CNCSoft-G2 v2.1.0.20) released"
}
],
"title": "Heap-based Buffer Overflow in CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-22880",
"datePublished": "2025-02-07T07:26:04.691Z",
"dateReserved": "2025-01-09T03:48:26.774Z",
"dateUpdated": "2025-02-07T15:54:27.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47966 (GCVE-0-2024-47966)
Vulnerability from nvd – Published: 2024-10-10 17:18 – Updated: 2024-10-10 17:37
VLAI?
Title
Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
2.1.0.10
|
Credits
Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delta_electronics:cncsoft-g2:2.1.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cncsoft-g2",
"vendor": "delta_electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:35:10.512564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:37:04.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:18:58.817Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=CNCSoft-g2\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 v2.1.0.16\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-47966",
"datePublished": "2024-10-10T17:18:58.817Z",
"dateReserved": "2024-10-07T17:01:16.643Z",
"dateUpdated": "2024-10-10T17:37:04.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47965 (GCVE-0-2024-47965)
Vulnerability from nvd – Published: 2024-10-10 17:18 – Updated: 2024-10-10 17:41
VLAI?
Title
Out-of-bounds Read vulnerability in Delta Electronics CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
2.1.0.10
|
Credits
Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delta_electronics:cncsoft-g2:2.1.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cncsoft-g2",
"vendor": "delta_electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:40:16.943724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:41:01.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:18:01.407Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=CNCSoft-g2\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 v2.1.0.16\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read vulnerability in Delta Electronics CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-47965",
"datePublished": "2024-10-10T17:18:01.407Z",
"dateReserved": "2024-10-07T17:01:16.642Z",
"dateUpdated": "2024-10-10T17:41:01.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47964 (GCVE-0-2024-47964)
Vulnerability from nvd – Published: 2024-10-10 17:16 – Updated: 2024-10-10 17:42
VLAI?
Title
Heap-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
2.1.0.10
|
Credits
Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delta_electronics:cncsoft-g2:2.1.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cncsoft-g2",
"vendor": "delta_electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:41:41.260226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:42:30.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:16:51.747Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=CNCSoft-g2\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 v2.1.0.16\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-47964",
"datePublished": "2024-10-10T17:16:51.747Z",
"dateReserved": "2024-10-07T17:01:16.642Z",
"dateUpdated": "2024-10-10T17:42:30.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47963 (GCVE-0-2024-47963)
Vulnerability from nvd – Published: 2024-10-10 17:15 – Updated: 2024-10-10 17:43
VLAI?
Title
Out-of-bounds Write vulnerability in Delta Electronics CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
2.1.0.10
|
Credits
Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delta_electronics:cncsoft-g2:2.1.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cncsoft-g2",
"vendor": "delta_electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:43:14.190343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:43:56.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:15:54.044Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=CNCSoft-g2\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 v2.1.0.16\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Write vulnerability in Delta Electronics CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-47963",
"datePublished": "2024-10-10T17:15:54.044Z",
"dateReserved": "2024-10-07T17:01:16.642Z",
"dateUpdated": "2024-10-10T17:43:56.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47962 (GCVE-0-2024-47962)
Vulnerability from nvd – Published: 2024-10-10 17:14 – Updated: 2024-10-10 17:45
VLAI?
Title
Stack-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
2.1.0.10
|
Credits
Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delta_electronics:cncsoft-g2:2.1.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cncsoft-g2",
"vendor": "delta_electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:44:29.384286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:45:02.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:14:30.805Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=CNCSoft-g2\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 v2.1.0.16\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-47962",
"datePublished": "2024-10-10T17:14:30.805Z",
"dateReserved": "2024-10-07T17:01:16.642Z",
"dateUpdated": "2024-10-10T17:45:02.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58319 (GCVE-0-2025-58319)
Vulnerability from cvelistv5 – Published: 2025-09-24 06:42 – Updated: 2025-09-24 13:10
VLAI?
Title
File Parsing Memory Corruption in CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
0 , < 2.1.0.34
(custom)
|
Credits
Jessie Cooper of CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:09:42.496667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:10:05.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "2.1.0.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "Jessie Cooper of CISA"
}
],
"datePublic": "2025-09-24T06:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003eDelta Electronics CNCSoft-G2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T06:42:08.525Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00017_CNCSoft-G2_File%20Parsing%20Stack-based%20Buffer%20Overflow%20Vulnerability.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download and update to: v2.1.0.34 or later\u003cbr\u003e"
}
],
"value": "Download and update to: v2.1.0.34 or later"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"title": "File Parsing Memory Corruption in CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-58319",
"datePublished": "2025-09-24T06:42:08.525Z",
"dateReserved": "2025-08-28T06:15:58.626Z",
"dateUpdated": "2025-09-24T13:10:05.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58317 (GCVE-0-2025-58317)
Vulnerability from cvelistv5 – Published: 2025-09-24 06:38 – Updated: 2025-09-24 13:13
VLAI?
Title
File Parsing Memory Corruption in CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
0 , < 2.1.0.34
(custom)
|
Credits
Natnael Samson working with Trend Micro Zero Day Initiative
Jason Forbush of CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:13:22.686691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:13:34.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "2.1.0.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Natnael Samson working with Trend Micro Zero Day Initiative"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jason Forbush of CISA"
}
],
"datePublic": "2025-09-24T06:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003eDelta Electronics CNCSoft-G2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T06:38:43.161Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00017_CNCSoft-G2_File%20Parsing%20Stack-based%20Buffer%20Overflow%20Vulnerability.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download and update to: v2.1.0.34 or later\u003cbr\u003e"
}
],
"value": "Download and update to: v2.1.0.34 or later"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"title": "File Parsing Memory Corruption in CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-58317",
"datePublished": "2025-09-24T06:38:43.161Z",
"dateReserved": "2025-08-28T06:15:58.626Z",
"dateUpdated": "2025-09-24T13:13:34.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47728 (GCVE-0-2025-47728)
Vulnerability from cvelistv5 – Published: 2025-06-04 08:11 – Updated: 2025-08-27 01:03
VLAI?
Title
File Parsing Memory Corruption in CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
0 , < 2.1.0.27
(custom)
|
Credits
Kholoud Altookhy from Trend Micro's Zero Day Initiative
Jason Forbush of CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T13:26:47.796513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:26:55.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "2.1.0.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kholoud Altookhy from Trend Micro\u0027s Zero Day Initiative"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jason Forbush of CISA"
}
],
"datePublic": "2025-06-04T08:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003eDelta Electronics CNCSoft-G2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T01:03:04.682Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00007_CNCSoft-G2%20-%20File%20Parsing%20Memory%20Corruption.pdf"
}
],
"source": {
"defect": [
"CISA"
],
"discovery": "EXTERNAL"
},
"title": "File Parsing Memory Corruption in CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-47728",
"datePublished": "2025-06-04T08:11:06.007Z",
"dateReserved": "2025-05-08T08:08:01.077Z",
"dateUpdated": "2025-08-27T01:03:04.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22881 (GCVE-0-2025-22881)
Vulnerability from cvelistv5 – Published: 2025-02-26 01:44 – Updated: 2025-02-26 15:43
VLAI?
Title
Heap-based Buffer Overflow in CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
0 , ≤ 2.1.0.10
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:49:19.074255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:43:08.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"lessThanOrEqual": "2.1.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-02-26T01:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T01:44:17.551Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00003_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v1.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=cncsoft\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 V2.1.0.20\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 V2.1.0.20 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-22881",
"datePublished": "2025-02-26T01:44:17.551Z",
"dateReserved": "2025-01-09T03:48:26.774Z",
"dateUpdated": "2025-02-26T15:43:08.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22880 (GCVE-0-2025-22880)
Vulnerability from cvelistv5 – Published: 2025-02-07 07:26 – Updated: 2025-02-07 15:54
VLAI?
Title
Heap-based Buffer Overflow in CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
0 , < 2.1.0.20
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:49:27.000208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:54:27.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "2.1.0.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-02-07T07:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T07:26:04.691Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v1.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=cncsoft\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 V2.1.0.20\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 V2.1.0.20 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-28T06:24:00.000Z",
"value": "Reported"
},
{
"lang": "en",
"time": "2024-12-04T06:26:00.000Z",
"value": "New patch (CNCSoft-G2 v2.1.0.20) released"
}
],
"title": "Heap-based Buffer Overflow in CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-22880",
"datePublished": "2025-02-07T07:26:04.691Z",
"dateReserved": "2025-01-09T03:48:26.774Z",
"dateUpdated": "2025-02-07T15:54:27.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47966 (GCVE-0-2024-47966)
Vulnerability from cvelistv5 – Published: 2024-10-10 17:18 – Updated: 2024-10-10 17:37
VLAI?
Title
Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
2.1.0.10
|
Credits
Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delta_electronics:cncsoft-g2:2.1.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cncsoft-g2",
"vendor": "delta_electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:35:10.512564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:37:04.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:18:58.817Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=CNCSoft-g2\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 v2.1.0.16\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-47966",
"datePublished": "2024-10-10T17:18:58.817Z",
"dateReserved": "2024-10-07T17:01:16.643Z",
"dateUpdated": "2024-10-10T17:37:04.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47965 (GCVE-0-2024-47965)
Vulnerability from cvelistv5 – Published: 2024-10-10 17:18 – Updated: 2024-10-10 17:41
VLAI?
Title
Out-of-bounds Read vulnerability in Delta Electronics CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
2.1.0.10
|
Credits
Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delta_electronics:cncsoft-g2:2.1.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cncsoft-g2",
"vendor": "delta_electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:40:16.943724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:41:01.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:18:01.407Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=CNCSoft-g2\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 v2.1.0.16\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read vulnerability in Delta Electronics CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-47965",
"datePublished": "2024-10-10T17:18:01.407Z",
"dateReserved": "2024-10-07T17:01:16.642Z",
"dateUpdated": "2024-10-10T17:41:01.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47964 (GCVE-0-2024-47964)
Vulnerability from cvelistv5 – Published: 2024-10-10 17:16 – Updated: 2024-10-10 17:42
VLAI?
Title
Heap-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
2.1.0.10
|
Credits
Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delta_electronics:cncsoft-g2:2.1.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cncsoft-g2",
"vendor": "delta_electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:41:41.260226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:42:30.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.1.0.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Gould, Fritz Sands, and Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:16:51.747Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=CNCSoft-g2\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 v2.1.0.16\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-47964",
"datePublished": "2024-10-10T17:16:51.747Z",
"dateReserved": "2024-10-07T17:01:16.642Z",
"dateUpdated": "2024-10-10T17:42:30.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}