Lucene search

IcscertCVE-2020-27277

HistoryJan 11, 2021 - 4:15 p.m.

CVE-2020-27277

2021-01-1116:15:15

CWE-822

CWE-476

icscert

web.nvd.nist.gov

cve-2020-27277

delta electronics

dopsoft

null pointer dereference

arbitrary code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.4%

JSON

Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.

Affected configurations

Nvd

Node

deltawwdopsoftRange≤4.0.8.21

VendorProductVersionCPE
deltawwdopsoft*cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
deltaww	dopsoft	*	cpe:2.3:a:deltaww:dopsoft::::::::

CNA Affected

[
  {
    "product": "Delta Electronics",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "DOPSoft Version 4.0.8.21 and prior"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-21-005-05

www.zerodayinitiative.com/advisories/ZDI-21-033/

Social References

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.4%

JSON

Related for CVE-2020-27277