PT-2021-11359 · Delta Electronics · Dopsoft

Kimiya

Published

2021-01-11

Updated

2021-03-09

CVE-2020-27275

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Delta Electronics DOPSoft versions 4.0.8.21 and prior

Description: The issue is related to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.

Recommendations: For versions 4.0.8.21 and prior, consider restricting access to project file processing until a patch is available. As a temporary workaround, avoid using the vulnerable project file processing functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2020-27275

ZDI-21-028

ZDI-21-029

ZDI-21-032

ZDI-21-034

ZDI-21-035

ZDI-21-036

ZDI-21-037

ZDI-21-038

Affected Products

Dopsoft

PT-2021-11359 · Delta Electronics · Dopsoft

CVE-2020-27275

Weakness Enumeration

Related Identifiers

Affected Products

References · 12