Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-38404

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-17 Sep, 2021 | 18:54
Updated At-23 Apr, 2025 | 19:27
Rejected At-
Credits

Delta Electronics DOPSoft 2 Heap-based Buffer Overflow

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:17 Sep, 2021 | 18:54
Updated At:23 Apr, 2025 | 19:27
Rejected At:
▼CVE Numbering Authority (CNA)
Delta Electronics DOPSoft 2 Heap-based Buffer Overflow

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.

Affected Products
Vendor
Delta Electronics, Inc.Delta Electronics
Product
DOPSoft 2
Versions
Affected
  • From unspecified through 2.00.07 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

DOPSoft 2 will not receive an update to mitigate these vulnerabilities because it is an end-of-life product. Delta Electronics recommends users to switch to the replacement software when available

Configurations
Workarounds
Exploits
Credits
kimiya, working with Trend Micro’s Zero Day Initiative
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02
x_refsource_MISC
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02
x_refsource_MISC
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:17 Sep, 2021 | 19:15
Updated At:04 Oct, 2021 | 18:12

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Delta Electronics, Inc.
deltaww
>>dopsoft>>Versions from 2.00(inclusive) to 2.00.07(inclusive)
cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Primaryics-cert@hq.dhs.gov
CWE ID: CWE-122
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2018-7507
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-1.11% / 77.28%
||
7 Day CHG~0.00%
Published-04 May, 2018 | 19:00
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.

Action-Not Available
Vendor-ICS-CERTDelta Electronics, Inc.
Product-wplsoftDelta Electronics WPLSoft
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-33007
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.49%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 16:29
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-tpeditorDelta Electronics TPEditor
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-22880
Matching Score-10
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-10
Assigner-Delta Electronics, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 4.89%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 07:26
Updated-11 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-cncsoft-g2CNCSoft-G2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-22881
Matching Score-10
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-10
Assigner-Delta Electronics, Inc.
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.93%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 01:44
Updated-11 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-cncsoft-g2CNCSoft-G2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-47964
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.4||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 17:16
Updated-17 Oct, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-cncsoft-g2CNCSoft-G2cncsoft-g2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16223
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.27%
||
7 Day CHG~0.00%
Published-06 Aug, 2020 | 23:11
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-tpeditorDelta Electronics TPEditor
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-14482
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.69%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 17:43
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-dopsoftDelta Industrial Automation DOPSoft
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24014
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.52%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 20:50
Updated-06 Jan, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics CNCSoft-B DOPSoft Heap-based buffer overflow

Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-cncsoft-bCNCSoft-B DOPSoft
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13536
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.50% / 65.09%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 20:49
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-tpeditorTPEditor
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10982
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.93% / 75.09%
||
7 Day CHG~0.00%
Published-24 Jul, 2019 | 14:51
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-cnssoft_screeneditorCNCSoft ScreenEditor
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10951
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.92% / 74.99%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:04
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-cncsoft_screeneditorDelta Industrial Automation CNCSoft
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7494
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-1.11% / 77.28%
||
7 Day CHG~0.00%
Published-04 May, 2018 | 19:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.

Action-Not Available
Vendor-ICS-CERTDelta Electronics, Inc.
Product-wplsoftDelta Electronics WPLSoft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7509
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-1.11% / 77.28%
||
7 Day CHG~0.00%
Published-04 May, 2018 | 19:00
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution.

Action-Not Available
Vendor-ICS-CERTDelta Electronics, Inc.
Product-wplsoftDelta Electronics WPLSoft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5476
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-15 Mar, 2018 | 23:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-delta_industrial_automation_dopsoftDelta Electronics Delta Industrial Automation DOPSoft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38402
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-1.98% / 82.81%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 18:54
Updated-23 Apr, 2025 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DOPSoft 2 Stack-Based Buffer Overflow

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dopsoftDOPSoft 2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-0251
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.52%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 22:47
Updated-07 Nov, 2023 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-0251

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diascreenDIAScreen
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-0250
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-1.32% / 79.04%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 22:45
Updated-07 Nov, 2023 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-0250

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diascreenDIAScreen
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-0249
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.05%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 22:43
Updated-07 Nov, 2023 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-0249

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diascreenDIAScreen
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0123
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 22:57
Updated-07 Nov, 2023 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-0123

Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dopsoftDOPSoft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0124
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.06%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 22:59
Updated-07 Nov, 2023 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-0124

Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dopsoftDOPSoft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-1941
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 00:17
Updated-22 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics CNCSoft-B Stack-based Buffer Overflow

Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-CNCSoft-B cncsoft-b
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-1595
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.42%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 19:16
Updated-22 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics CNCSoft-B DOPSoft Uncontrolled Search Path Element

Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-CNCSoft-B v1.0.0.4 DOPSoftcncsoft-b
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-4634
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-1.04% / 76.48%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 22:53
Updated-07 Nov, 2023 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2022-4634

All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-cncsoftscreeneditorScreenEditorCNCSoft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-53419
Matching Score-8
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-8
Assigner-Delta Electronics, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 07:02
Updated-27 Aug, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
COMMGR Code Injection Vulnerability

Delta Electronics COMMGR has Code Injection vulnerability.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-COMMGR
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12677
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.5||HIGH
EPSS-0.25% / 48.43%
||
7 Day CHG+0.01%
Published-20 Dec, 2024 | 16:44
Updated-24 Dec, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DTM Soft Deserialization of Untrusted Data

Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-DTM Soft
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-53415
Matching Score-8
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-8
Assigner-Delta Electronics, Inc.
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.38%
||
7 Day CHG~0.00%
Published-30 Jun, 2025 | 09:09
Updated-01 Jul, 2025 | 08:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Parsing Deserialization of Untrusted Data in DTM Soft

Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-DTM Soft
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-53416
Matching Score-8
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-8
Assigner-Delta Electronics, Inc.
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.38%
||
7 Day CHG~0.00%
Published-30 Jun, 2025 | 09:14
Updated-15 Jul, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Parsing Deserialization of Untrusted Data in DTN Soft

Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-DTN Soft
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-17927
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.47% / 63.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2018 | 22:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-tpeditorDelta Industrial Automation TPEditor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-5068
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.08%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 22:01
Updated-16 Jan, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIAScreen Out-of-bounds Write

Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diascreenDIAScreen
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-4124
Matching Score-8
Assigner-759f5e80-c8e1-4224-bead-956d7b33c98b
ShareView Details
Matching Score-8
Assigner-759f5e80-c8e1-4224-bead-956d7b33c98b
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.11%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 08:20
Updated-16 May, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-ispsoftISPSoft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32965
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.46%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 17:56
Updated-16 Apr, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write

Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diascreenDIAScreen
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-33019
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.37%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 17:09
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-dopsoftDelta Electronics DOPSoft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-14800
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.67%
||
7 Day CHG~0.00%
Published-03 Oct, 2018 | 13:00
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-ispsoftISPSoft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-4125
Matching Score-8
Assigner-759f5e80-c8e1-4224-bead-956d7b33c98b
ShareView Details
Matching Score-8
Assigner-759f5e80-c8e1-4224-bead-956d7b33c98b
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.11%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 08:21
Updated-16 May, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-ispsoftISPSoft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4685
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.55%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 17:49
Updated-11 Oct, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-4685

Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-cncsoft-bdopsoftCNCSoft-B DOPSoft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-17929
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.50% / 64.75%
||
7 Day CHG~0.00%
Published-11 Oct, 2018 | 22:00
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-tpeditorDelta Industrial Automation TPEditor
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43818
Matching Score-8
Assigner-Exodus Intelligence
ShareView Details
Matching Score-8
Assigner-Exodus Intelligence
CVSS Score-8.8||HIGH
EPSS-0.92% / 75.07%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 21:15
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics Delta Industrial Automation DOPSoft DPS File wTextLen Buffer Overflow Remote Code Execution

A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dopsoftDOPSoft
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-43816
Matching Score-8
Assigner-Exodus Intelligence
ShareView Details
Matching Score-8
Assigner-Exodus Intelligence
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 20.12%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 21:15
Updated-13 Nov, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics Delta Industrial Automation DOPSoft DPS File wKPFStringLen Buffer Overflow Remote Code Execution

A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dopsoftDOPSoft
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-43817
Matching Score-8
Assigner-Exodus Intelligence
ShareView Details
Matching Score-8
Assigner-Exodus Intelligence
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 21:15
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics Delta Industrial Automation DOPSoft DPS File wMailContentLen Buffer Overflow Remote Code Execution

A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dopsoftDOPSoft
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-43815
Matching Score-8
Assigner-Exodus Intelligence
ShareView Details
Matching Score-8
Assigner-Exodus Intelligence
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.17%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 21:15
Updated-02 Jun, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics Delta Industrial Automation DOPSoft DPS File wScreenDESCTextLen Buffer Overflow Remote Code Execution

A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dopsoftDOPSoft
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-43822
Matching Score-8
Assigner-Exodus Intelligence
ShareView Details
Matching Score-8
Assigner-Exodus Intelligence
CVSS Score-8.8||HIGH
EPSS-0.89% / 74.48%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 21:16
Updated-16 Jun, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesTimeLen Buffer Overflow Remote Code Execution

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dopsoftDOPSoft
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-27412
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.75%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 10:52
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-dopsoftDelta Electronics DOPSoft
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-22672
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.83%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 12:29
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-cncsoft_screeneditorDelta Electronics CNCSoft ScreenEditor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-22882
Matching Score-8
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-8
Assigner-Delta Electronics, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.89%
||
7 Day CHG-0.00%
Published-30 Apr, 2025 | 07:34
Updated-25 Aug, 2025 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-ispsoftISPSoft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-22884
Matching Score-8
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-8
Assigner-Delta Electronics, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.89%
||
7 Day CHG-0.00%
Published-30 Apr, 2025 | 07:37
Updated-25 Aug, 2025 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-ispsoftISPSoft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-22883
Matching Score-8
Assigner-759f5e80-c8e1-4224-bead-956d7b33c98b
ShareView Details
Matching Score-8
Assigner-759f5e80-c8e1-4224-bead-956d7b33c98b
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.11%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 07:36
Updated-16 May, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-ispsoftISPSoft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7502
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.5||HIGH
EPSS-0.05% / 16.36%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 16:50
Updated-12 Aug, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIAScreen Stack-Based Buffer Overflow

A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diascreenDIAScreendiascreen
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47962
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.4||HIGH
EPSS-0.07% / 22.72%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 17:14
Updated-17 Oct, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-cncsoft-g2CNCSoft-G2cncsoft-g2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47966
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.4||HIGH
EPSS-0.04% / 10.54%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 17:18
Updated-17 Oct, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-cncsoft-g2CNCSoft-G2cncsoft-g2
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-47131
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.4||HIGH
EPSS-0.04% / 8.60%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 14:53
Updated-30 Jan, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIAScreen Stack-based Buffer Overflow

If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diascreenDIAScreendiascreen
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
Details not found