PT-2021-3762 · Delta Electronics · Diascreen

Kimiya · Published 2021-07-27 · Updated 2022-06-07 · CVE-2021-32965

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Delta Electronics DIAScreen versions prior to 1.1.0

Description

The issue is related to type confusion errors in DIAScreen, software for programmable logic controllers. This may allow an attacker to remotely execute arbitrary code by sending specially crafted data to the application. The vulnerability is associated with errors in mixing data types.

Recommendations

For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the DIAScreen software to minimize the risk of exploitation. Avoid using the software for parsing XLS files until the issue is resolved.

Fix

Type Confusion

Weakness Enumeration

Related Identifiers

BDU:2021-04017
CVE-2021-32965
ZDI-21-1374
ZDI-22-025
ZDI-22-026
ZDI-22-027

Affected Products

Diascreen