Lucene search

XICVELIST:CVE-2023-5130

HistoryJan 18, 2024 - 9:14 p.m.

CVE-2023-5130 Delta Electronics WPLSoft Buffer-Overflow

2024-01-1821:14:26

CWE-119

www.cve.org

delta electronics

wplsoft

buffer-overflow

cve-2023-5130

dvp file

code execution

CVSS2

7.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:P/A:C

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "WPLSoft",
    "vendor": "Delta Electronics",
    "versions": [
      {
        "status": "affected",
        "version": "2.42.11"
      }
    ]
  }
]

References

blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/

CVSS2

7.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:P/A:C

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

Related for CVELIST:CVE-2023-5130