CVE-2020-27275: Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
First published: Mon Jan 11 2021(Updated: )
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deltaww Dopsoft | <=4.0.8.21 | |
| Delta Industrial Automation DOPSoft | ||
| Delta Electronics DOPSoft Version 4.0.8.21 and prior |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05
- https://www.zerodayinitiative.com/advisories/ZDI-21-028/
- https://www.zerodayinitiative.com/advisories/ZDI-21-029/
- https://www.zerodayinitiative.com/advisories/ZDI-21-032/
- https://www.zerodayinitiative.com/advisories/ZDI-21-034/
- https://www.zerodayinitiative.com/advisories/ZDI-21-035/
- https://www.zerodayinitiative.com/advisories/ZDI-21-036/
- https://www.zerodayinitiative.com/advisories/ZDI-21-037/
- https://www.zerodayinitiative.com/advisories/ZDI-21-038/
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-005-05 (Advisory)
Frequently Asked Questions
What is CVE-2020-27275?
CVE-2020-27275 is a vulnerability in Delta Industrial Automation DOPSoft that allows remote attackers to execute arbitrary code.
How can this vulnerability be exploited?
This vulnerability requires user interaction, either by visiting a malicious page or opening a malicious file.
Which versions of Delta Industrial Automation DOPSoft are affected?
The vulnerability affects Delta Industrial Automation DOPSoft versions up to and including 4.0.8.21.
What is the severity of CVE-2020-27275?
The severity of CVE-2020-27275 is critical with a CVSS score of 7.8.
How can I fix CVE-2020-27275?
To fix CVE-2020-27275, users should update their Delta Industrial Automation DOPSoft installation to a version that is not affected.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-029
- alias/ZDI-CAN-11645
- alias/CVE-2020-27275
- agent/software-canonical-lookup
- alias/ZDI-21-028
- alias/ZDI-CAN-11644
- agent/title
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- alias/ZDI-21-035
- alias/ZDI-CAN-11658
- alias/ZDI-21-036
- alias/ZDI-CAN-11666
- alias/ZDI-21-034
- alias/ZDI-CAN-11664
- alias/ZDI-21-032
- alias/ZDI-CAN-11661
- alias/ZDI-21-038
- alias/ZDI-CAN-11662
- agent/references
- collector/ics-cert-advisory
- source/ICS
- agent/softwarecombine
- agent/tags
- agent/event
- alias/ZDI-21-037
- alias/ZDI-CAN-11660
- vendor/deltaww
- canonical/deltaww dopsoft
- version/deltaww dopsoft/4.0.8.21
- vendor/delta industrial automation
- canonical/delta industrial automation dopsoft
- vendor/delta electronics
- canonical/delta electronics dopsoft version 4.0.8.21 and prior