Nattisamson

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DIAScreen (affected versions not specified) **Description** A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics CNCSoft-B versions 1.0.0.4 and prior **Description** The issue is caused by a stack-based buffer overflow in the CNCSoft-B software, which may allow an attacker to execute arbitrary code. This can be exploited by remote attackers, potentially requiring user interaction, such as visiting a specific link. The vulnerability may allow for remote code execution on affected installations. **Recommendations** For Delta Electronics CNCSoft-B versions 1.0.0.4 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CNCSoft-B version 1.0.0.4 DOPSoft versions 4.0.0.82 and prior **Description** The issue is caused by a stack-based buffer overflow in Delta Electronics' CNCSoft-B and DOPSoft, which could allow an attacker to execute arbitrary code. This overflow occurs during the parsing of DPA files. **Recommendations** For CNCSoft-B version 1.0.0.4, update to a version that fixes the stack-based buffer overflow issue. For DOPSoft versions 4.0.0.82 and prior, update to a version that fixes the stack-based buffer overflow issue. As a temporary workaround, consider restricting access to the DPA file parsing functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CNCSoft-B DOPSoft versions 1.0.0.4 and prior **Description** The issue is related to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. **Recommendations** For versions 1.0.0.4 and prior, update to a version that fixes the stack-based buffer overflow issue. As a temporary workaround, consider restricting access to the DOPSoft application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DIAScreen versions 1.2.1.23 and prior **Description** The issue is related to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. This is a result of a buffer overflow vulnerability in the DIAScreen development environment for industrial control system management. **Recommendations** For Delta Electronics DIAScreen versions 1.2.1.23 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DIAScreen versions 1.2.1.23 and prior **Description** The issue is related to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. This is a result of a vulnerability in the development environment for industrial equipment control systems, specifically in the DIAScreen software. **Recommendations** For Delta Electronics DIAScreen versions 1.2.1.23 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics DIAScreen versions 1.2.1.23 and prior **Description** The issue is related to a buffer overflow in memory due to improper restrictions of operations. This could allow an attacker to remotely execute arbitrary code. **Recommendations** For Delta Electronics DIAScreen versions 1.2.1.23 and prior, consider restricting access to the system until a patch is available to prevent potential exploitation. As a temporary workaround, consider disabling any functionality that may trigger the buffer overflow until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DOPSoft versions all **Description** The issue is an Out-of-bounds Read vulnerability in Delta Electronics DOPSoft. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior **Description** The issue is related to a heap-based buffer overflow that could allow an attacker to execute arbitrary code. This occurs when processing DPA files, potentially enabling an attacker to execute arbitrary code by opening a specially crafted malicious file or webpage. **Recommendations** For versions 1.0.0.4 and prior, consider restricting the processing of DPA files until a patch is available. As a temporary workaround, avoid opening specially crafted files or accessing potentially malicious web pages that could exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WECON LeviStudioU versions 2019-09-21 and prior Description: The issue concerns multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code. This occurs in various tags, including Alarm, XY, BaseSet, Trend, and HmiSet, where parameters such as `WordAddr`, `CurScrIdAddr`, `HMINAME`, `Style`, `bitaddr`, `ScrIdWordAddr`, `PowerEnterTime`, and `EnterTime` are vulnerable to buffer overflow attacks. Recommendations: For WECON LeviStudioU versions 2019-09-21 and prior, as a temporary workaround, consider disabling the parsing of project files until a patch is available. Restrict access to the UMP file parsing functionality to minimize the risk of exploitation. Avoid using vulnerable tags and parameters, such as `WordAddr`, `CurScrIdAddr`, `HMINAME`, `Style`, `bitaddr`, `ScrIdWordAddr`, `PowerEnterTime`, and `EnterTime`, in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wecon PLC Editor versions 1.3.8 and prior **Description** The issue is related to an out-of-bounds write in memory while processing project files, which may allow an attacker to execute arbitrary code. This can be exploited by an attacker to gain unauthorized access and control. **Recommendations** For Wecon PLC Editor versions 1.3.8 and prior, as a temporary workaround, consider restricting access to project files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wecon PLC Editor versions 1.3.8 and prior **Description** The issue is related to a stack-based buffer overflow that occurs while processing project files, potentially allowing an attacker to execute arbitrary code. This is a result of the software's inability to properly handle certain file types, leading to a buffer overflow in the stack. The exploitation of this issue may enable an attacker to run arbitrary code, posing a significant security risk. **Recommendations** For Wecon PLC Editor versions 1.3.8 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess versions 9.02 and prior **Description** The issue is a heap-based buffer overflow that may allow an attacker to remotely execute code. **Recommendations** For Advantech WebAccess versions 9.02 and prior, update to a version later than 9.02 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FATEK Automation WinProladder versions 3.30 and prior **Description** The issue is related to improper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. This could allow a remote attacker to execute arbitrary code by having a user open a specially crafted malicious file. **Recommendations** For versions 3.30 and prior, update to a version that properly validates user-supplied data to prevent unexpected sign extension and arbitrary code execution. As a temporary workaround, consider restricting the opening of project files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FATEK Automation WinProladder versions 3.30 and prior **Description** The issue is related to an out-of-bounds read, which may allow an attacker to read unauthorized information. **Recommendations** For versions 3.30 and prior, update to a version later than 3.30 to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FATEK Automation WinProladder versions 3.30 and prior **Description** The issue is related to a stack-based buffer overflow in the FATEK Automation WinProladder software. This occurs due to improper validation of user-supplied data when parsing project files. An attacker could exploit this to execute arbitrary code, potentially by tricking a user into opening a specially crafted malicious file. **Recommendations** For versions 3.30 and prior, ensure proper validation of user-supplied data when parsing project files to prevent a stack-based buffer overflow. As a temporary workaround, consider restricting the opening of project files from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FATEK Automation WinProladder versions 3.30 and prior **Description** The issue is related to the lack of proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. This could allow an attacker to execute arbitrary code in the context of the current process. The vulnerability is also described as a buffer overflow condition during the syntactic analysis of project files, which could be exploited by a remote attacker using a specially crafted file. **Recommendations** For FATEK Automation WinProladder versions 3.30 and prior, update to a version that includes proper validation of user-supplied data when parsing project files to prevent memory-corruption conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FATEK Automation WinProladder versions 3.30 and prior **Description** The issue is related to a use after free vulnerability when parsing project files, which may allow arbitrary code execution if a valid user opens a malformed project file. This could potentially enable an attacker to execute arbitrary code. **Recommendations** For versions 3.30 and prior, avoid opening malformed project files until a patch is available. As a temporary workaround, consider restricting access to project file parsing functionality until a fix is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FATEK Automation WinProladder versions 3.30 and prior **Description** The issue is related to the lack of proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition or buffer overflow. This could allow an attacker to execute code in the context of the current process by leveraging the vulnerability with a specially crafted file. **Recommendations** For versions 3.30 and prior, consider disabling the project file parsing functionality until a patch is available to prevent potential code execution. Restrict access to the WinProladder software to minimize the risk of exploitation. Avoid using the software to parse untrusted project files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess versions 9.02 and prior **Description** The issue is caused by a stack-based buffer overflow vulnerability due to a lack of proper validation of the length of user-supplied data. This may allow a remote attacker to execute arbitrary code. **Recommendations** For Advantech WebAccess versions 9.02 and prior, update to a version that includes a fix for the stack-based buffer overflow vulnerability to prevent remote code execution. As a temporary workaround, consider restricting access to the affected software to minimize the risk of exploitation.