CVE-2020-27281

EPSS 0.37%
Veröffentlicht 11.01.2021 16:15:15
Zuletzt bearbeitet 21.11.2024 05:20:59
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Deltaww ≫ Cncsoft Screeneditor Version <= 1.01.26

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.556

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06

Third Party Advisory

US Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-21-039/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2020-27281

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-27281

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-27281

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-27281