CVE-2020-27281
published 2021-01-11CVE-2020-27281: A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files…
PriorityP342high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
2.02%
78.5th percentile
A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deltaww | cncsoft_screeneditor | <= 1.01.26 | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Delta Electronics CNCSoft ScreenEditor
cisa_ics·2021-01-06·CVSS 7.8
[HIGH] Delta Electronics CNCSoft ScreenEditor
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Delta Electronics CNCSoft ScreenEditor
Last RevisedJanuary 06, 2021
Alert CodeICSA-21-005-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low skill level to exploit
- Vendor: Delta Electronics
- Equipment: CNCSoft ScreenEditor
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability may allow arbitrary code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of CNCSoft ScreenEditor are affected:
- CNCSoft ScreenEditor Versions 1.01.26 and prior
## 3.2 VULNERABILITY OVERVIEW
#
GHSA
GHSA-mhr3-6pv8-895v: A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1
ghsa_unreviewed·2022-05-24
CVE-2020-27281 [HIGH] CWE-787 GHSA-mhr3-6pv8-895v: A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1
A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-01-11
Published