CVE-2019-13536 - OpenCVE

Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Deltaww	Tpeditor

Configuration 1 [-]

cpe:2.3:a:deltaww:tpeditor:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsa-19-253-01	Mitigation Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2019-09-11T20:49:37

Updated: 2019-09-11T20:49:37

Reserved: 2019-07-11T00:00:00

Link: CVE-2019-13536

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-09-11T21:15:11.673

Modified: 2021-10-28T15:08:59.307

Link: CVE-2019-13536

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deltaww:tpeditor:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ABADF07-A120-43E6-B9DE-B8AB20EDAD86", "versionEndIncluding": "1.94", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code."}, {"lang": "es", "value": "Delta Electronics TPEditor, versiones 1.94 y anteriores. M\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria pueden ser explotadas mediante el procesamiento de archivos de proyecto especialmente dise\u00f1ados, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario remotamente."}], "id": "CVE-2019-13536", "lastModified": "2021-10-28T15:08:59.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-11T21:15:11.673", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}