CVE-2021-43982: Delta Electronics CNCSoft
First published: Thu Dec 09 2021(Updated: )
Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deltaww Cncsoft | <=1.01.30 | |
| Delta Electronics CNCSoft: Version 1.01.30 and prior | ||
| <=1.01.30 |
Remedy
Delta Electronics has released an updated version of CNCSoft and recommends users install v1.01.31 and later on all affected systems. Delta Electronics recommends users should apply the following mitigations to reduce the risk of exploit: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls and isolate them from the business network. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing a VPN is only as secure as its connected devices.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-43982?
CVE-2021-43982 is a vulnerability found in Delta Electronics CNCSoft Versions 1.01.30 and prior, which allows an attacker to execute arbitrary code through a stack-based buffer overflow.
How severe is CVE-2021-43982?
CVE-2021-43982 has a severity rating of 7.8 (high).
How can I fix CVE-2021-43982?
To fix CVE-2021-43982, you should upgrade to a version of Delta Electronics CNCSoft that is higher than 1.01.30.
What is CWE-119?
CWE-119 is a Common Weakness Enumeration category that refers to a flaw in which an attacker can inject or execute arbitrary code, leading to a stack-based buffer overflow.
What is CWE-121?
CWE-121 is a Common Weakness Enumeration category that refers to a flaw in which an attacker can execute arbitrary code by overwriting or modifying memory locations adjacent to an allocated buffer.
- collector/nvd-index
- agent/type
- agent/title
- agent/remedy
- agent/weakness
- agent/description
- agent/references
- agent/severity
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- agent/trending
- vendor/deltaww
- canonical/deltaww cncsoft
- version/deltaww cncsoft/1.01.30
- vendor/delta electronics
- canonical/delta electronics cncsoft: version 1.01.30 and prior