cvelistv5 - cve-2024-39880

cve-2024-39880

Vulnerability from cvelistv5

Published

2024-07-09 21:21

Modified

2024-08-02 04:33

Severity ?

8.4 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Stack-based Buffer Overflow in Delta Electronics CNCSoft-G2

References

▼	URL	Tags
	ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01	Third Party Advisory, US Government Resource

Impacted products

▼	Vendor	Product
	Delta Electronics	CNCSoft-G2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:delta_electronics:cncsoft-g2:2.0.0.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "cncsoft-g2",
            "vendor": "delta_electronics",
            "versions": [
              {
                "status": "affected",
                "version": "2.0.0.5"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39880",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T13:58:44.937267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T16:34:12.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CNCSoft-G2",
          "vendor": "Delta Electronics",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
            }
          ],
          "value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "STACK-BASED BUFFER OVERFLOW CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T23:12:00.978Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=cncsoft\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 V2.1.0.10\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Delta Electronics recommends users update to  CNCSoft-G2 V2.1.0.10 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stack-based Buffer Overflow in Delta Electronics CNCSoft-G2",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-39880",
    "datePublished": "2024-07-09T21:21:47.678Z",
    "dateReserved": "2024-07-01T18:13:23.097Z",
    "dateUpdated": "2024-08-02T04:33:11.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-39880\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2024-07-09T22:15:02.740\",\"lastModified\":\"2024-08-29T17:38:18.727\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.\"},{\"lang\":\"es\",\"value\":\"Delta Electronics CNCSoft-G2 carece de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos en un b\u00fafer basado en pila de longitud fija. Si un objetivo visita una p\u00e1gina maliciosa o abre un archivo malicioso, un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:deltaww:cncsoft-g2:2.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"023EB74A-5EBD-489D-BA0F-CF4ED45EECB9\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202407-0233",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cncsoft-g2",
        "scope": null,
        "trust": 12.6,
        "vendor": "delta",
        "version": null
      },
      {
        "model": "electronics cncsoft-g2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "delta",
        "version": "2.0.0.5"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-944"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-943"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-940"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Natnael Samson (@NattiSamson)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-917"
      }
    ],
    "trust": 10.5
  },
  "cve": "CVE-2024-39880",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2024-32986",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2024-39880",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 12.6,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2024-39880",
            "trust": 12.6,
            "value": "HIGH"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2024-39880",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-32986",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-944"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-943"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-940"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-39880"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-39880"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-943"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-944"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-940"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      }
    ],
    "trust": 12.78
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-39880",
        "trust": 14.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-191-01",
        "trust": 1.6
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23916",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-944",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23915",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-943",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23841",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-940",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23831",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-938",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23807",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-935",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23770",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-934",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23769",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-933",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23767",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-932",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23766",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-931",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23765",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-930",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23764",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-929",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23580",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-925",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23578",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-923",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23577",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-922",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23575",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-920",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23574",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-919",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23573",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-918",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-23572",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-917",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-32986",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-944"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-943"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-940"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-39880"
      }
    ]
  },
  "id": "VAR-202407-0233",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      }
    ]
  },
  "last_update_date": "2024-07-23T22:30:24.731000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Delta Electronics has issued an update to correct this vulnerability.",
        "trust": 12.6,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
      },
      {
        "title": "Patch for Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2024-32986)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/571021"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-944"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-943"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-940"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-39880"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 14.2,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-944"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-943"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-940"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-39880"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-24-944"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-943"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-940"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-923"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-918"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-39880"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-944"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-943"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-940"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-925"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-923"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-922"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-920"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-919"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-918"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-917"
      },
      {
        "date": "2024-07-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      },
      {
        "date": "2024-07-09T22:15:02.740000",
        "db": "NVD",
        "id": "CVE-2024-39880"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-944"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-943"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-940"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-925"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-923"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-922"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-920"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-919"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-918"
      },
      {
        "date": "2024-07-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-917"
      },
      {
        "date": "2024-07-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-32986"
      },
      {
        "date": "2024-07-11T13:05:54.930000",
        "db": "NVD",
        "id": "CVE-2024-39880"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-944"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-943"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-940"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-934"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-933"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-932"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-930"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-925"
      }
    ],
    "trust": 8.4
  }
}

ghsa-6pc8-wjpf-r5vj

Vulnerability from github

Published

2024-07-10 00:30

Modified

2024-07-10 00:30

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-39880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T22:15:02Z",
    "severity": "HIGH"
  },
  "details": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.",
  "id": "GHSA-6pc8-wjpf-r5vj",
  "modified": "2024-07-10T00:30:42Z",
  "published": "2024-07-10T00:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39880"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-39880

Vulnerability from cvelistv5

var-202407-0233

Vulnerability from variot

ghsa-6pc8-wjpf-r5vj

Vulnerability from github

Tags

Sightings

Nomenclature