Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for WPLSoft by Delta Electronics
CVE-2023-5130 (GCVE-0-2023-5130)
Vulnerability from cvelistv5 – Published: 2024-01-18 21:14 – Updated: 2024-11-13 19:17
VLAI
Title
Delta Electronics WPLSoft Buffer-Overflow
Summary
A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://blog.exodusintel.com/2024/01/18/delta-ele… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | WPLSoft |
Affected:
2.42.11
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T19:17:33.322269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T19:17:54.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WPLSoft",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.42.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003eA buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T21:14:26.662Z",
"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
"shortName": "XI"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Delta Electronics WPLSoft Buffer-Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
"assignerShortName": "XI",
"cveId": "CVE-2023-5130",
"datePublished": "2024-01-18T21:14:26.662Z",
"dateReserved": "2023-09-22T16:18:18.191Z",
"dateUpdated": "2024-11-13T19:17:54.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5461 (GCVE-0-2023-5461)
Vulnerability from cvelistv5 – Published: 2023-10-09 20:00 – Updated: 2024-09-19 18:33
VLAI
Title
Delta Electronics WPLSoft Modbus cleartext transmission
Summary
A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.241584 | vdb-entry |
| https://vuldb.com/?ctiid.241584 | signaturepermissions-required |
| https://drive.google.com/drive/folders/17nBJt3tej… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | WPLSoft |
Affected:
2.51
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.241584"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.241584"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:33:13.312818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:33:57.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Modbus Handler"
],
"product": "WPLSoft",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Delta Electronics WPLSoft 2.51 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Modbus Handler. Mit der Manipulation mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-09T20:00:06.688Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.241584"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.241584"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-10-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-09T15:51:43.000Z",
"value": "VulDB last update"
}
],
"title": "Delta Electronics WPLSoft Modbus cleartext transmission"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5461",
"datePublished": "2023-10-09T20:00:06.688Z",
"dateReserved": "2023-10-09T13:46:31.730Z",
"dateUpdated": "2024-09-19T18:33:57.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5460 (GCVE-0-2023-5460)
Vulnerability from cvelistv5 – Published: 2023-10-09 19:00 – Updated: 2024-08-02 07:59
VLAI
Title
Delta Electronics WPLSoft Modbus Data Packet heap-based overflow
Summary
A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.241583 | vdb-entry |
| https://vuldb.com/?ctiid.241583 | signaturepermissions-required |
| https://drive.google.com/drive/folders/1oYxs_KxK4… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | WPLSoft |
Affected:
2.0
Affected: 2.1 Affected: 2.2 Affected: 2.3 Affected: 2.4 Affected: 2.5 Affected: 2.6 Affected: 2.7 Affected: 2.8 Affected: 2.9 Affected: 2.10 Affected: 2.11 Affected: 2.12 Affected: 2.13 Affected: 2.14 Affected: 2.15 Affected: 2.16 Affected: 2.17 Affected: 2.18 Affected: 2.19 Affected: 2.20 Affected: 2.21 Affected: 2.22 Affected: 2.23 Affected: 2.24 Affected: 2.25 Affected: 2.26 Affected: 2.27 Affected: 2.28 Affected: 2.29 Affected: 2.30 Affected: 2.31 Affected: 2.32 Affected: 2.33 Affected: 2.34 Affected: 2.35 Affected: 2.36 Affected: 2.37 Affected: 2.38 Affected: 2.39 Affected: 2.40 Affected: 2.41 Affected: 2.42 Affected: 2.43 Affected: 2.44 Affected: 2.45 Affected: 2.46 Affected: 2.47 Affected: 2.48 Affected: 2.49 Affected: 2.50 Affected: 2.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.241583"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.241583"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Modbus Data Packet Handler"
],
"product": "WPLSoft",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.6"
},
{
"status": "affected",
"version": "2.7"
},
{
"status": "affected",
"version": "2.8"
},
{
"status": "affected",
"version": "2.9"
},
{
"status": "affected",
"version": "2.10"
},
{
"status": "affected",
"version": "2.11"
},
{
"status": "affected",
"version": "2.12"
},
{
"status": "affected",
"version": "2.13"
},
{
"status": "affected",
"version": "2.14"
},
{
"status": "affected",
"version": "2.15"
},
{
"status": "affected",
"version": "2.16"
},
{
"status": "affected",
"version": "2.17"
},
{
"status": "affected",
"version": "2.18"
},
{
"status": "affected",
"version": "2.19"
},
{
"status": "affected",
"version": "2.20"
},
{
"status": "affected",
"version": "2.21"
},
{
"status": "affected",
"version": "2.22"
},
{
"status": "affected",
"version": "2.23"
},
{
"status": "affected",
"version": "2.24"
},
{
"status": "affected",
"version": "2.25"
},
{
"status": "affected",
"version": "2.26"
},
{
"status": "affected",
"version": "2.27"
},
{
"status": "affected",
"version": "2.28"
},
{
"status": "affected",
"version": "2.29"
},
{
"status": "affected",
"version": "2.30"
},
{
"status": "affected",
"version": "2.31"
},
{
"status": "affected",
"version": "2.32"
},
{
"status": "affected",
"version": "2.33"
},
{
"status": "affected",
"version": "2.34"
},
{
"status": "affected",
"version": "2.35"
},
{
"status": "affected",
"version": "2.36"
},
{
"status": "affected",
"version": "2.37"
},
{
"status": "affected",
"version": "2.38"
},
{
"status": "affected",
"version": "2.39"
},
{
"status": "affected",
"version": "2.40"
},
{
"status": "affected",
"version": "2.41"
},
{
"status": "affected",
"version": "2.42"
},
{
"status": "affected",
"version": "2.43"
},
{
"status": "affected",
"version": "2.44"
},
{
"status": "affected",
"version": "2.45"
},
{
"status": "affected",
"version": "2.46"
},
{
"status": "affected",
"version": "2.47"
},
{
"status": "affected",
"version": "2.48"
},
{
"status": "affected",
"version": "2.49"
},
{
"status": "affected",
"version": "2.50"
},
{
"status": "affected",
"version": "2.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Delta Electronics WPLSoft bis 2.51 gefunden. Betroffen davon ist ein unbekannter Prozess der Komponente Modbus Data Packet Handler. Dank Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-09T19:00:07.910Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.241583"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.241583"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-10-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-09T15:51:41.000Z",
"value": "VulDB last update"
}
],
"title": "Delta Electronics WPLSoft Modbus Data Packet heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5460",
"datePublished": "2023-10-09T19:00:07.910Z",
"dateReserved": "2023-10-09T13:46:25.782Z",
"dateUpdated": "2024-08-02T07:59:44.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5130 (GCVE-0-2023-5130)
Vulnerability from nvd – Published: 2024-01-18 21:14 – Updated: 2024-11-13 19:17
VLAI
Title
Delta Electronics WPLSoft Buffer-Overflow
Summary
A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://blog.exodusintel.com/2024/01/18/delta-ele… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | WPLSoft |
Affected:
2.42.11
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T19:17:33.322269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T19:17:54.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WPLSoft",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.42.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 245, 245);\"\u003eA buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T21:14:26.662Z",
"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
"shortName": "XI"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Delta Electronics WPLSoft Buffer-Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
"assignerShortName": "XI",
"cveId": "CVE-2023-5130",
"datePublished": "2024-01-18T21:14:26.662Z",
"dateReserved": "2023-09-22T16:18:18.191Z",
"dateUpdated": "2024-11-13T19:17:54.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5461 (GCVE-0-2023-5461)
Vulnerability from nvd – Published: 2023-10-09 20:00 – Updated: 2024-09-19 18:33
VLAI
Title
Delta Electronics WPLSoft Modbus cleartext transmission
Summary
A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.241584 | vdb-entry |
| https://vuldb.com/?ctiid.241584 | signaturepermissions-required |
| https://drive.google.com/drive/folders/17nBJt3tej… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | WPLSoft |
Affected:
2.51
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.241584"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.241584"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:33:13.312818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:33:57.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Modbus Handler"
],
"product": "WPLSoft",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Delta Electronics WPLSoft 2.51 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Modbus Handler. Mit der Manipulation mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-09T20:00:06.688Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.241584"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.241584"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-10-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-09T15:51:43.000Z",
"value": "VulDB last update"
}
],
"title": "Delta Electronics WPLSoft Modbus cleartext transmission"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5461",
"datePublished": "2023-10-09T20:00:06.688Z",
"dateReserved": "2023-10-09T13:46:31.730Z",
"dateUpdated": "2024-09-19T18:33:57.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5460 (GCVE-0-2023-5460)
Vulnerability from nvd – Published: 2023-10-09 19:00 – Updated: 2024-08-02 07:59
VLAI
Title
Delta Electronics WPLSoft Modbus Data Packet heap-based overflow
Summary
A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.241583 | vdb-entry |
| https://vuldb.com/?ctiid.241583 | signaturepermissions-required |
| https://drive.google.com/drive/folders/1oYxs_KxK4… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | WPLSoft |
Affected:
2.0
Affected: 2.1 Affected: 2.2 Affected: 2.3 Affected: 2.4 Affected: 2.5 Affected: 2.6 Affected: 2.7 Affected: 2.8 Affected: 2.9 Affected: 2.10 Affected: 2.11 Affected: 2.12 Affected: 2.13 Affected: 2.14 Affected: 2.15 Affected: 2.16 Affected: 2.17 Affected: 2.18 Affected: 2.19 Affected: 2.20 Affected: 2.21 Affected: 2.22 Affected: 2.23 Affected: 2.24 Affected: 2.25 Affected: 2.26 Affected: 2.27 Affected: 2.28 Affected: 2.29 Affected: 2.30 Affected: 2.31 Affected: 2.32 Affected: 2.33 Affected: 2.34 Affected: 2.35 Affected: 2.36 Affected: 2.37 Affected: 2.38 Affected: 2.39 Affected: 2.40 Affected: 2.41 Affected: 2.42 Affected: 2.43 Affected: 2.44 Affected: 2.45 Affected: 2.46 Affected: 2.47 Affected: 2.48 Affected: 2.49 Affected: 2.50 Affected: 2.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.241583"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.241583"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Modbus Data Packet Handler"
],
"product": "WPLSoft",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.6"
},
{
"status": "affected",
"version": "2.7"
},
{
"status": "affected",
"version": "2.8"
},
{
"status": "affected",
"version": "2.9"
},
{
"status": "affected",
"version": "2.10"
},
{
"status": "affected",
"version": "2.11"
},
{
"status": "affected",
"version": "2.12"
},
{
"status": "affected",
"version": "2.13"
},
{
"status": "affected",
"version": "2.14"
},
{
"status": "affected",
"version": "2.15"
},
{
"status": "affected",
"version": "2.16"
},
{
"status": "affected",
"version": "2.17"
},
{
"status": "affected",
"version": "2.18"
},
{
"status": "affected",
"version": "2.19"
},
{
"status": "affected",
"version": "2.20"
},
{
"status": "affected",
"version": "2.21"
},
{
"status": "affected",
"version": "2.22"
},
{
"status": "affected",
"version": "2.23"
},
{
"status": "affected",
"version": "2.24"
},
{
"status": "affected",
"version": "2.25"
},
{
"status": "affected",
"version": "2.26"
},
{
"status": "affected",
"version": "2.27"
},
{
"status": "affected",
"version": "2.28"
},
{
"status": "affected",
"version": "2.29"
},
{
"status": "affected",
"version": "2.30"
},
{
"status": "affected",
"version": "2.31"
},
{
"status": "affected",
"version": "2.32"
},
{
"status": "affected",
"version": "2.33"
},
{
"status": "affected",
"version": "2.34"
},
{
"status": "affected",
"version": "2.35"
},
{
"status": "affected",
"version": "2.36"
},
{
"status": "affected",
"version": "2.37"
},
{
"status": "affected",
"version": "2.38"
},
{
"status": "affected",
"version": "2.39"
},
{
"status": "affected",
"version": "2.40"
},
{
"status": "affected",
"version": "2.41"
},
{
"status": "affected",
"version": "2.42"
},
{
"status": "affected",
"version": "2.43"
},
{
"status": "affected",
"version": "2.44"
},
{
"status": "affected",
"version": "2.45"
},
{
"status": "affected",
"version": "2.46"
},
{
"status": "affected",
"version": "2.47"
},
{
"status": "affected",
"version": "2.48"
},
{
"status": "affected",
"version": "2.49"
},
{
"status": "affected",
"version": "2.50"
},
{
"status": "affected",
"version": "2.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Delta Electronics WPLSoft bis 2.51 gefunden. Betroffen davon ist ein unbekannter Prozess der Komponente Modbus Data Packet Handler. Dank Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-09T19:00:07.910Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.241583"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.241583"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-10-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-09T15:51:41.000Z",
"value": "VulDB last update"
}
],
"title": "Delta Electronics WPLSoft Modbus Data Packet heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5460",
"datePublished": "2023-10-09T19:00:07.910Z",
"dateReserved": "2023-10-09T13:46:25.782Z",
"dateUpdated": "2024-08-02T07:59:44.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}