CVE-2023-25177 - OpenCVE

Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Deltaww	Cncsoft-b

Configuration 1 [-]

cpe:2.3:a:deltaww:cncsoft-b:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01	Patch Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2023-06-07T20:51:51.041Z

Updated: 2023-06-07T20:51:51.041Z

Reserved: 2023-02-08T21:31:13.048Z

Link: CVE-2023-25177

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-06-07T21:15:13.193

Modified: 2023-06-14T14:01:14.447

Link: CVE-2023-25177

JSON object: View

Redhat Information

No data.

CWE

CWE-121

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-25177", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-02-08T21:31:13.048Z", "datePublished": "2023-06-07T20:51:51.041Z", "dateUpdated": "2023-06-07T20:51:51.041Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CNCSoft-B DOPSoft", "vendor": "Delta Electronics", "versions": [{"lessThan": "4.0.0.82", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Natnael Samson, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nDelta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are \nvulnerable to stack-based buffer overflow, which could allow an attacker\n to execute arbitrary code.\n\n"}], "value": "\nDelta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are \nvulnerable to stack-based buffer overflow, which could allow an attacker\n to execute arbitrary code.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-06-07T20:51:51.041Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n<p>Delta Electronics has released the following mitigations:  </p>\n<ul><li>Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&q=cncsoft&sort_expr=cdate&sort_dir=DESC\">CNCSoft-B (v1.0.0.4) DOPSoft v4.0.0.82</a> or later.\n\n</li></ul>"}], "value": "Delta Electronics has released the following mitigations: \u00a0\n\n\n * Update to CNCSoft-B (v1.0.0.4) DOPSoft v4.0.0.82 https://downloadcenter.deltaww.com/en-US/DownloadCenter or later.\n\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Delta Electronics CNCSoft-B DOPSoft Stack-based buffer overflow", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}