ID

VAR-202407-0233


CVE

CVE-2024-39880


TITLE

Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 9.8

sources: ZDI: ZDI-24-944 // ZDI: ZDI-24-943 // ZDI: ZDI-24-940 // ZDI: ZDI-24-937 // ZDI: ZDI-24-936 // ZDI: ZDI-24-935 // ZDI: ZDI-24-939 // ZDI: ZDI-24-938 // ZDI: ZDI-24-934 // ZDI: ZDI-24-933 // ZDI: ZDI-24-931 // ZDI: ZDI-24-930 // ZDI: ZDI-24-929 // ZDI: ZDI-24-925

DESCRIPTION

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company.

Trust: 12.78

sources: NVD: CVE-2024-39880 // ZDI: ZDI-24-943 // ZDI: ZDI-24-918 // ZDI: ZDI-24-919 // ZDI: ZDI-24-922 // ZDI: ZDI-24-924 // ZDI: ZDI-24-925 // ZDI: ZDI-24-929 // ZDI: ZDI-24-930 // ZDI: ZDI-24-944 // ZDI: ZDI-24-933 // ZDI: ZDI-24-934 // ZDI: ZDI-24-938 // ZDI: ZDI-24-939 // ZDI: ZDI-24-935 // ZDI: ZDI-24-936 // ZDI: ZDI-24-937 // ZDI: ZDI-24-940 // ZDI: ZDI-24-931 // CNVD: CNVD-2024-32986

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-32986

AFFECTED PRODUCTS

vendor: delta, model: cncsoft-g2, scope: -, version: -

Trust: 12.6

vendor: deltaww, model: cncsoft-g2, scope: eq, version: 2.0.0.5

Trust: 1.0

vendor: delta, model: electronics cncsoft-g2, scope: eq, version: 2.0.0.5

Trust: 0.6

sources: ZDI: ZDI-24-944 // ZDI: ZDI-24-943 // ZDI: ZDI-24-940 // ZDI: ZDI-24-937 // ZDI: ZDI-24-936 // ZDI: ZDI-24-935 // ZDI: ZDI-24-939 // ZDI: ZDI-24-938 // ZDI: ZDI-24-934 // ZDI: ZDI-24-933 // ZDI: ZDI-24-931 // ZDI: ZDI-24-930 // ZDI: ZDI-24-929 // ZDI: ZDI-24-925 // ZDI: ZDI-24-924 // ZDI: ZDI-24-922 // ZDI: ZDI-24-919 // ZDI: ZDI-24-918 // CNVD: CNVD-2024-32986 // NVD: CVE-2024-39880

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2024-39880
value: HIGH

Trust: 12.6

nvd@nist.gov: CVE-2024-39880
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2024-39880
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-32986
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-32986
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ZDI: CVE-2024-39880
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 12.6

nvd@nist.gov: CVE-2024-39880
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2024-39880
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: ZDI: ZDI-24-944 // ZDI: ZDI-24-943 // ZDI: ZDI-24-940 // ZDI: ZDI-24-937 // ZDI: ZDI-24-936 // ZDI: ZDI-24-935 // ZDI: ZDI-24-939 // ZDI: ZDI-24-938 // ZDI: ZDI-24-934 // ZDI: ZDI-24-933 // ZDI: ZDI-24-931 // ZDI: ZDI-24-930 // ZDI: ZDI-24-929 // ZDI: ZDI-24-925 // ZDI: ZDI-24-924 // ZDI: ZDI-24-922 // ZDI: ZDI-24-919 // ZDI: ZDI-24-918 // CNVD: CNVD-2024-32986 // NVD: CVE-2024-39880 // NVD: CVE-2024-39880

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

sources: NVD: CVE-2024-39880

PATCH

title: Delta Electronics has issued an update to correct this vulnerability.
url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01

Trust: 12.6

title: Patch for Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2024-32986)
url: https://www.cnvd.org.cn/patchInfo/show/571021

Trust: 0.6

sources: ZDI: ZDI-24-944 // ZDI: ZDI-24-943 // ZDI: ZDI-24-940 // ZDI: ZDI-24-937 // ZDI: ZDI-24-936 // ZDI: ZDI-24-935 // ZDI: ZDI-24-939 // ZDI: ZDI-24-938 // ZDI: ZDI-24-934 // ZDI: ZDI-24-933 // ZDI: ZDI-24-931 // ZDI: ZDI-24-930 // ZDI: ZDI-24-929 // ZDI: ZDI-24-925 // ZDI: ZDI-24-924 // ZDI: ZDI-24-922 // ZDI: ZDI-24-919 // ZDI: ZDI-24-918 // CNVD: CNVD-2024-32986

EXTERNAL IDS

db: NVD, id: CVE-2024-39880

Trust: 14.2

db: ICS CERT, id: ICSA-24-191-01

Trust: 1.6

db: ZDI_CAN, id: ZDI-CAN-23916

Trust: 0.7

db: ZDI, id: ZDI-24-944

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23915

Trust: 0.7

db: ZDI, id: ZDI-24-943

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23841

Trust: 0.7

db: ZDI, id: ZDI-24-940

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23811

Trust: 0.7

db: ZDI, id: ZDI-24-937

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23809

Trust: 0.7

db: ZDI, id: ZDI-24-936

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23807

Trust: 0.7

db: ZDI, id: ZDI-24-935

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23832

Trust: 0.7

db: ZDI, id: ZDI-24-939

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23831

Trust: 0.7

db: ZDI, id: ZDI-24-938

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23770

Trust: 0.7

db: ZDI, id: ZDI-24-934

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23769

Trust: 0.7

db: ZDI, id: ZDI-24-933

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23766

Trust: 0.7

db: ZDI, id: ZDI-24-931

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23765

Trust: 0.7

db: ZDI, id: ZDI-24-930

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23764

Trust: 0.7

db: ZDI, id: ZDI-24-929

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23580

Trust: 0.7

db: ZDI, id: ZDI-24-925

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23579

Trust: 0.7

db: ZDI, id: ZDI-24-924

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23577

Trust: 0.7

db: ZDI, id: ZDI-24-922

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23574

Trust: 0.7

db: ZDI, id: ZDI-24-919

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-23573

Trust: 0.7

db: ZDI, id: ZDI-24-918

Trust: 0.7

db: CNVD, id: CNVD-2024-32986

Trust: 0.6

sources: ZDI: ZDI-24-944 // ZDI: ZDI-24-943 // ZDI: ZDI-24-940 // ZDI: ZDI-24-937 // ZDI: ZDI-24-936 // ZDI: ZDI-24-935 // ZDI: ZDI-24-939 // ZDI: ZDI-24-938 // ZDI: ZDI-24-934 // ZDI: ZDI-24-933 // ZDI: ZDI-24-931 // ZDI: ZDI-24-930 // ZDI: ZDI-24-929 // ZDI: ZDI-24-925 // ZDI: ZDI-24-924 // ZDI: ZDI-24-922 // ZDI: ZDI-24-919 // ZDI: ZDI-24-918 // CNVD: CNVD-2024-32986 // NVD: CVE-2024-39880

REFERENCES

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01

Trust: 14.2

sources: ZDI: ZDI-24-944 // ZDI: ZDI-24-943 // ZDI: ZDI-24-940 // ZDI: ZDI-24-937 // ZDI: ZDI-24-936 // ZDI: ZDI-24-935 // ZDI: ZDI-24-939 // ZDI: ZDI-24-938 // ZDI: ZDI-24-934 // ZDI: ZDI-24-933 // ZDI: ZDI-24-931 // ZDI: ZDI-24-930 // ZDI: ZDI-24-929 // ZDI: ZDI-24-925 // ZDI: ZDI-24-924 // ZDI: ZDI-24-922 // ZDI: ZDI-24-919 // ZDI: ZDI-24-918 // CNVD: CNVD-2024-32986 // NVD: CVE-2024-39880

CREDITS

Natnael Samson (@NattiSamson)

Trust: 10.5

sources: ZDI: ZDI-24-937 // ZDI: ZDI-24-936 // ZDI: ZDI-24-935 // ZDI: ZDI-24-939 // ZDI: ZDI-24-938 // ZDI: ZDI-24-934 // ZDI: ZDI-24-933 // ZDI: ZDI-24-931 // ZDI: ZDI-24-930 // ZDI: ZDI-24-929 // ZDI: ZDI-24-925 // ZDI: ZDI-24-924 // ZDI: ZDI-24-922 // ZDI: ZDI-24-919 // ZDI: ZDI-24-918

SOURCES

db: ZDI, id: ZDI-24-944
db: ZDI, id: ZDI-24-943
db: ZDI, id: ZDI-24-940
db: ZDI, id: ZDI-24-937
db: ZDI, id: ZDI-24-936
db: ZDI, id: ZDI-24-935
db: ZDI, id: ZDI-24-939
db: ZDI, id: ZDI-24-938
db: ZDI, id: ZDI-24-934
db: ZDI, id: ZDI-24-933
db: ZDI, id: ZDI-24-931
db: ZDI, id: ZDI-24-930
db: ZDI, id: ZDI-24-929
db: ZDI, id: ZDI-24-925
db: ZDI, id: ZDI-24-924
db: ZDI, id: ZDI-24-922
db: ZDI, id: ZDI-24-919
db: ZDI, id: ZDI-24-918
db: CNVD, id: CNVD-2024-32986
db: NVD, id: CVE-2024-39880

LAST UPDATE DATE

2024-10-16T23:03:50.509000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-24-944, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-943, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-940, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-937, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-936, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-935, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-939, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-938, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-934, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-933, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-931, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-930, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-929, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-925, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-924, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-922, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-919, date: 2024-08-15T00:00:00
db: ZDI, id: ZDI-24-918, date: 2024-08-15T00:00:00
db: CNVD, id: CNVD-2024-32986, date: 2024-07-17T00:00:00
db: NVD, id: CVE-2024-39880, date: 2024-08-29T17:38:18.727

SOURCES RELEASE DATE

db: ZDI, id: ZDI-24-944, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-943, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-940, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-937, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-936, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-935, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-939, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-938, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-934, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-933, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-931, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-930, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-929, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-925, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-924, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-922, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-919, date: 2024-07-22T00:00:00
db: ZDI, id: ZDI-24-918, date: 2024-07-22T00:00:00
db: CNVD, id: CNVD-2024-32986, date: 2024-07-17T00:00:00
db: NVD, id: CVE-2024-39880, date: 2024-07-09T22:15:02.740