Cncsoft B
CVE-2024-1595
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82
insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.
AnalysisAI
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-427. Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. Affected products include: Deltaww Cncsoft-B, Deltaww Dopsoft.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow
Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffe
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which cou
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which coul
CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arb
CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbi
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today