Details of VAR-202101-0356

ID

VAR-202101-0356

CVE

CVE-2020-27275

TITLE

Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Trust: 4.9

sources: ZDI: ZDI-21-038 // ZDI: ZDI-21-037 // ZDI: ZDI-21-036 // ZDI: ZDI-21-035 // ZDI: ZDI-21-034 // ZDI: ZDI-21-032 // ZDI: ZDI-21-029

DESCRIPTION

Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. Delta Electronics Provides HMI Related product DOPSoft and CNCSoft ScreenEditor The following multiple vulnerabilities exist in. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. DOPSoft is a human-machine interface (HMI) programming software launched by Delta Electronics

Trust: 7.2

sources: NVD: CVE-2020-27275 // JVNDB: JVNDB-2021-001001 // ZDI: ZDI-21-038 // ZDI: ZDI-21-037 // ZDI: ZDI-21-036 // ZDI: ZDI-21-035 // ZDI: ZDI-21-034 // ZDI: ZDI-21-032 // ZDI: ZDI-21-029 // ZDI: ZDI-21-028 // CNVD: CNVD-2021-04430

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-04430

AFFECTED PRODUCTS

vendor:	delta industrial automation	model:	dopsoft	scope:	-	version:	-	Trust: 5.6
vendor:	deltaww	model:	dopsoft	scope:	lte	version:	4.0.8.21	Trust: 1.0
vendor:	delta	model:	cncsoft screeneditor	scope:	eq	version:	version 1.01.26	Trust: 0.8
vendor:	delta	model:	dopsoft	scope:	eq	version:	version 4.0.8.21	Trust: 0.8
vendor:	delta	model:	electronics dopsoft	scope:	lte	version:	<=4.0.8.21	Trust: 0.6

sources: ZDI: ZDI-21-038 // ZDI: ZDI-21-037 // ZDI: ZDI-21-036 // ZDI: ZDI-21-035 // ZDI: ZDI-21-034 // ZDI: ZDI-21-032 // ZDI: ZDI-21-029 // ZDI: ZDI-21-028 // CNVD: CNVD-2021-04430 // JVNDB: JVNDB-2021-001001 // NVD: CVE-2020-27275

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-27275
value:	HIGH
Trust: 5.6
IPA:	JVNDB-2021-001001
value:	HIGH
Trust: 2.4
nvd@nist.gov:	CVE-2020-27275
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-04430
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202101-255
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-27275
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-04430
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

ZDI:	CVE-2020-27275
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 5.6
IPA score:	JVNDB-2021-001001
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 2.4
nvd@nist.gov:	CVE-2020-27275
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.8
problemtype:	CWE-121	Trust: 0.8
problemtype:	CWE-822	Trust: 0.8

sources: JVNDB: JVNDB-2021-001001 // NVD: CVE-2020-27275

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-255

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-255

CONFIGURATIONS

sources: JVNDB: JVNDB-2021-001001

PATCH

title:	-	url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05	Trust: 5.6
title:	CNCSoft - Delta \| Download Center	url:	https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&CID=06&itemID=060202&dataType=8	Trust: 0.8
title:	DOPSoft - Delta \| Download Center	url:	https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&CID=06&itemID=060302&dataType=8&q=DOPSoft	Trust: 0.8
title:	Patch for DOPSoft out-of-bounds write vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/244816	Trust: 0.6
title:	Delta Electronics Industrial Automation DOPSoft Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138909	Trust: 0.6

EXTERNAL IDS

db:	NVD	id:	CVE-2020-27275	Trust: 8.6
db:	ICS CERT	id:	ICSA-21-005-05	Trust: 3.0
db:	ZDI	id:	ZDI-21-038	Trust: 2.3
db:	ZDI	id:	ZDI-21-037	Trust: 2.3
db:	ZDI	id:	ZDI-21-036	Trust: 2.3
db:	ZDI	id:	ZDI-21-035	Trust: 2.3
db:	ZDI	id:	ZDI-21-034	Trust: 2.3
db:	ZDI	id:	ZDI-21-032	Trust: 2.3
db:	ZDI	id:	ZDI-21-029	Trust: 2.3
db:	ZDI	id:	ZDI-21-028	Trust: 2.3
db:	ICS CERT	id:	ICSA-21-005-06	Trust: 0.8
db:	JVN	id:	JVNVU91044574	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001001	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-11662	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11660	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11666	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11658	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11664	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11661	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11645	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11644	Trust: 0.7
db:	CNVD	id:	CNVD-2021-04430	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0045	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-255	Trust: 0.6

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05	Trust: 9.2
url:	https://www.zerodayinitiative.com/advisories/zdi-21-028/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-038/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-029/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-035/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-034/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-037/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-036/	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-032/	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27275	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27277	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27281	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu91044574	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.0045/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27275	Trust: 0.6

CREDITS

kimiya

Trust: 5.6

sources: ZDI: ZDI-21-038 // ZDI: ZDI-21-037 // ZDI: ZDI-21-036 // ZDI: ZDI-21-035 // ZDI: ZDI-21-034 // ZDI: ZDI-21-032 // ZDI: ZDI-21-029 // ZDI: ZDI-21-028

SOURCES

db:	ZDI	id:	ZDI-21-038
db:	ZDI	id:	ZDI-21-037
db:	ZDI	id:	ZDI-21-036
db:	ZDI	id:	ZDI-21-035
db:	ZDI	id:	ZDI-21-034
db:	ZDI	id:	ZDI-21-032
db:	ZDI	id:	ZDI-21-029
db:	ZDI	id:	ZDI-21-028
db:	CNVD	id:	CNVD-2021-04430
db:	JVNDB	id:	JVNDB-2021-001001
db:	CNNVD	id:	CNNVD-202101-255
db:	NVD	id:	CVE-2020-27275

LAST UPDATE DATE

2024-11-23T21:51:06.283000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-038	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-037	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-036	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-035	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-034	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-032	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-029	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-028	date:	2021-01-14T00:00:00
db:	CNVD	id:	CNVD-2021-04430	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-001001	date:	2021-01-07T07:38:37
db:	CNNVD	id:	CNNVD-202101-255	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2020-27275	date:	2024-11-21T05:20:58.840

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-038	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-037	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-036	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-035	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-034	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-032	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-029	date:	2021-01-14T00:00:00
db:	ZDI	id:	ZDI-21-028	date:	2021-01-14T00:00:00
db:	CNVD	id:	CNVD-2021-04430	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-001001	date:	2021-01-07T07:38:37
db:	CNNVD	id:	CNNVD-202101-255	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-27275	date:	2021-01-11T16:15:15.147