cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-22880,https://securityvulnerability.io/vulnerability/CVE-2025-22880,Heap-Based Buffer Overflow in Delta Electronics CNCSoft-G2,"Delta Electronics CNCSoft-G2 has a vulnerability due to insufficient validation of user-supplied data length. This defect allows attackers to exploit the software when a user accesses a malicious page or file. By manipulating the input, an attacker can potentially execute arbitrary code within the context of the affected process, posing a significant risk to system integrity and security.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-07T07:26:04.691Z,0
CVE-2024-12834,https://securityvulnerability.io/vulnerability/CVE-2024-12834,Type Confusion in Delta Electronics DRASimuCAD STP File Parsing,"The type confusion vulnerability in Delta Electronics DRASimuCAD arises due to improper validation of user-provided data during the parsing of STP files. This flaw can be exploited by a remote attacker through a specially crafted malicious file or webpage that prompts user interaction. Once activated, the attacker can execute arbitrary code within the context of the affected process, potentially compromising the security of the system. This vulnerability emphasizes the importance of stringent data validation and user awareness of file origins.",Delta Electronics,Drasimucad,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-30T17:15:00.000Z,0
CVE-2024-12835,https://securityvulnerability.io/vulnerability/CVE-2024-12835,Remote Code Execution Vulnerability in Delta Electronics DRASimuCAD,"The vulnerability involves an Out-Of-Bounds Write flaw that occurs during the parsing of ICS files in Delta Electronics DRASimuCAD. It arises due to inadequate validation of user-supplied data, which can lead to a situation where an attacker is able to write beyond the allocated buffer. This can allow attackers to execute arbitrary code on systems running affected versions of the software, provided that the user interacts with a malicious page or opens a compromised file. The issue highlights significant security concerns for installations of DRASimuCAD that have not been updated to address this flaw. Proper security measures and prompt updates are essential to mitigate risks associated with this vulnerability.",Delta Electronics,Drasimucad,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-30T17:15:00.000Z,0
CVE-2024-12836,https://securityvulnerability.io/vulnerability/CVE-2024-12836,Type Confusion Remote Code Execution Vulnerability in Delta Electronics DRASimuCAD,"A vulnerability affecting Delta Electronics DRASimuCAD arises from improper parsing of STP files, leading to a type confusion issue. This flaw allows remote attackers to execute arbitrary code if a user interacts with malicious content, such as visiting a compromised webpage or opening a crafted file. The vulnerability stems from insufficient validation of user-supplied data, which could lead to unwanted code execution in the context of the current process, thereby posing a significant risk to affected installations.",Delta Electronics,Drasimucad,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-30T17:15:00.000Z,0
CVE-2024-12677,https://securityvulnerability.io/vulnerability/CVE-2024-12677,Potential Code Execution Risk in Delta Electronics DTM Software,"CVE-2024-12677 is a critical vulnerability affecting Delta Electronics' DTM Soft software. This flaw arises from improper deserialization of objects, which could allow an unauthenticated attacker to execute arbitrary code on the affected system. If exploited, this vulnerability poses significant security risks, enabling attackers to compromise system integrity and gain unauthorized access. Users of DTM Soft are urged to assess their systems and implement recommended mitigations to protect against potential exploitation.",Delta Electronics,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-20T17:15:00.000Z,0
CVE-2024-47131,https://securityvulnerability.io/vulnerability/CVE-2024-47131,Stack-Based Buffer Overflow Vulnerability in Delta Electronics DIAScreen,"A vulnerability in Delta Electronics DIAScreen allows attackers to exploit a stack-based buffer overflow by deceiving a valid user to execute a file with malicious code. This could enable remote execution of arbitrary code, compromising the integrity and security of the system.",Delta Electronics,DIAScreen,7.8,HIGH,0.0012499999720603228,false,,false,false,false,,,false,false,,2024-11-11T15:15:00.000Z,0
CVE-2024-39354,https://securityvulnerability.io/vulnerability/CVE-2024-39354,Stack-Based Buffer Overflow in Delta Electronics DIAScreen,"A vulnerability exists in Delta Electronics DIAScreen, where an attacker can exploit a stack-based buffer overflow in the CEtherIPTagItem component. If a valid user unknowingly opens a specially crafted file containing malicious code, the attacker can remotely execute arbitrary code on the affected system. This poses significant risks to operational integrity, data security, and system reliability for users of DIAScreen.",Delta Electronics,Diascreen,7.8,HIGH,0.0012499999720603228,false,,false,false,false,,,false,false,,2024-11-11T15:15:00.000Z,0
CVE-2024-39605,https://securityvulnerability.io/vulnerability/CVE-2024-39605,Stack-Based Buffer Overflow in Delta Electronics DIAScreen,"A stack-based buffer overflow vulnerability exists in Delta Electronics DIAScreen that can be exploited if an attacker convinces a valid user to execute the software with a specially crafted file containing malicious code. This flaw may allow the attacker to execute arbitrary code remotely, posing significant security risks to users of the affected product. It is crucial for users to apply the latest patches to mitigate potential exploits.",Delta Electronics,DIAScreen,7.8,HIGH,0.0012499999720603228,false,,false,false,false,,,false,false,,2024-11-11T15:15:00.000Z,0
CVE-2024-10456,https://securityvulnerability.io/vulnerability/CVE-2024-10456,Deserialization Vulnerability Affects Delta Electronics' InfraSuite Device Master,"Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are susceptible to a deserialization vulnerability that affects the Device-Gateway component. This vulnerability allows the deserialization of arbitrary .NET objects even before authentication is completed. Exploiting this flaw can lead to potential unauthorized actions or information leakage, thereby posing significant risks to the operational integrity and security of the affected systems.",Delta Electronics,Infrasuite Device Master,9.8,CRITICAL,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-10-30T18:04:52.786Z,0
CVE-2024-47966,https://securityvulnerability.io/vulnerability/CVE-2024-47966,Delta Electronics CNCSoft-G2 Memory Initialization Vulnerability,"The CNCSoft-G2 software by Delta Electronics contains a vulnerability related to improper memory initialization prior to access. This flaw could allow an attacker to craft a malicious web page or file. If a user interacts with this malicious content, the attacker may execute arbitrary code in the security context of the affected software. It is crucial for users to ensure their systems are updated and follow best security practices to mitigate the risks associated with this vulnerability.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-10T17:18:58.817Z,0
CVE-2024-47965,https://securityvulnerability.io/vulnerability/CVE-2024-47965,Buffer Overflow Vulnerability in CNCSoft-G2 Could Lead to Code Execution,"The vulnerability in Delta Electronics CNCSoft-G2 arises from inadequate validation of data supplied by users, allowing attackers to manipulate user interactions. This may lead to code execution in the context of the current process, posing significant risks to system integrity. Attackers can exploit this issue by directing users to malicious pages or files, facilitating unauthorized access and control over the affected system.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-10T17:18:01.407Z,0
CVE-2024-47964,https://securityvulnerability.io/vulnerability/CVE-2024-47964,Delta Electronics CNCSoft-G2: Inadequate User-Supplied Data Validation Key Vulnerability,"The Delta Electronics CNCSoft-G2 software exhibits a vulnerability due to improper validation of user-supplied data length before copying it to a heap-based buffer with a fixed length. This flaw allows a malicious actor to potentially exploit the vulnerability by enticing users to open a specially crafted web page or file, leading to arbitrary code execution in the context of the current process. This situation poses significant risks, as it can compromise system integrity, allowing attackers to manipulate the operations of CNC machines or download additional malicious payloads.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-10-10T17:16:51.747Z,0
CVE-2024-47963,https://securityvulnerability.io/vulnerability/CVE-2024-47963,Vulnerability in Delta Electronics CNCSoft-G2 Allow Manipulation of User-Supplied Data,"Delta Electronics' CNCSoft-G2 is susceptible to a vulnerability resulting from inadequate validation of user-supplied data. This shortcoming allows attackers to exploit the system, potentially leading to unauthorized code execution by tricking users into engaging with a malicious webpage or file. This issue poses significant risks, as it could enable attackers to compromise the integrity of the affected processes and machinery.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2024-10-10T17:15:54.044Z,0
CVE-2024-47962,https://securityvulnerability.io/vulnerability/CVE-2024-47962,Stack-based Buffer Overflow Vulnerability in Delta Electronics CNCSoft-G2,"The vulnerability in Delta Electronics CNCSoft-G2 arises from inadequate validation of user-supplied data length before it is copied to a fixed-length stack-based buffer. This flaw allows an attacker to potentially exploit the vulnerability by tricking an insider user into accessing a malicious web page or file. If successfully executed, this could lead to arbitrary code execution within the context of the application, posing significant risks to systems utilizing the affected software.",Delta Electronics,Cncsoft-g2,7.8,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2024-10-10T17:14:30.805Z,0
CVE-2024-43699,https://securityvulnerability.io/vulnerability/CVE-2024-43699,Vulnerability in DIAEnergie Script AM_RegReport.aspx Allows Unauthenticated Access to Confidential Data,"Delta Electronics DIAEnergie contains a vulnerability due to improper input validation in the AM_RegReport.aspx script, which can be exploited through SQL injection. This flaw allows an unauthenticated attacker to potentially access sensitive records stored within the product, posing significant security risks. It is crucial for users and administrators of DIAEnergie to implement appropriate security measures to mitigate this vulnerability.",Delta Electronics DIAEnergie,Diaenergie,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-03T23:15:00.000Z,0
CVE-2024-42417,https://securityvulnerability.io/vulnerability/CVE-2024-42417,SQL Injection Vulnerability in Delta Electronics DIAEnergie's Handler_CFG.ashx Could Delay Targeted Product,"Delta Electronics' DIAEnergie product is susceptible to an SQL injection vulnerability located in the Handler_CFG.ashx script. This flaw can be exploited by authenticated attackers to introduce malicious SQL queries that may impact the functionality of the product, causing potential delays. Users are advised to review their security practices and consider implementing all necessary updates to mitigate risks associated with this vulnerability.",Delta Electronics DIAEnergie,Diaenergie,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-03T23:15:00.000Z,0
CVE-2024-8255,https://securityvulnerability.io/vulnerability/CVE-2024-8255,Remote Code Execution Vulnerability in Delta Electronics DTN Soft,"Delta Electronics DTN Soft, specifically version 2.0.1 and earlier, contains a vulnerability that permits attackers to perform remote code execution. This vulnerability arises from improperly handling deserialization of untrusted data, potentially allowing malicious actors to manipulate or execute arbitrary code on affected systems. Users and organizations utilizing this software should take prompt action to mitigate risks associated with this vulnerability, including updating to the latest software versions and implementing necessary security measures.",Delta Electronics,Dtn Soft,9.8,CRITICAL,0.0012600000482052565,false,,false,false,false,,,false,false,,2024-08-29T15:18:23.355Z,0
CVE-2024-39880,https://securityvulnerability.io/vulnerability/CVE-2024-39880,Buffer Overflow Vulnerability in CNCSoft-G2,"The Delta Electronics CNCSoft-G2 software is vulnerable due to inadequate validation of the length of user-supplied data before copying it to a fixed-length stack-based buffer. Attackers could exploit this vulnerability when a user visits a specially crafted malicious webpage or opens a malicious file, enabling potential code execution in the context of the current process. This flaw poses significant risks to the integrity of systems utilizing the CNCSoft-G2 software, emphasizing the need for immediate remediation to mitigate possible threats.",Delta Electronics,Cncsoft-g2,8.8,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2024-07-09T22:15:00.000Z,0
CVE-2024-39883,https://securityvulnerability.io/vulnerability/CVE-2024-39883,Alpha Attack: Lack of Validation Exposes CNCSoft-G2 to Code Execution,"The CNCSoft-G2 application from Delta Electronics is susceptible to a heap-based buffer overflow vulnerability due to improper validation of user-supplied data length. This vulnerability can be exploited by an attacker who tricks a user into visiting a malicious webpage or opening a malicious file. Successfully exploiting this vulnerability could allow the attacker to execute arbitrary code in the context of the affected process, potentially compromising system integrity and exposing sensitive information. Operators are advised to implement proper security measures to mitigate the risk associated with this vulnerability.",Delta Electronics,Cncsoft-g2,8.8,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2024-07-09T22:15:00.000Z,0
CVE-2024-39882,https://securityvulnerability.io/vulnerability/CVE-2024-39882,Buffer Overflow Vulnerability in CNCSoft-G2 Could Lead to Code Execution,"The vulnerability in Delta Electronics' CNCSoft-G2 arises from inadequate validation of user-supplied data, enabling attackers to exploit a buffer overflow. By triggering this condition through interaction with a malicious web page or file, an attacker can execute arbitrary code within the context of the vulnerable process. This exposure necessitates immediate attention to establish proper input validation mechanisms and mitigate such security risks.",Delta Electronics,Cncsoft-g2,8.8,HIGH,0.0024399999529123306,false,,false,false,false,,,false,false,,2024-07-09T22:15:00.000Z,0
CVE-2024-39881,https://securityvulnerability.io/vulnerability/CVE-2024-39881,Memory Corruption Vulnerability in Delta Electronics CNCSoft-G2 Allows Execution of Code in Context of Current Process,"The vulnerability in Delta Electronics CNCSoft-G2 arises from a lack of proper validation of user-supplied data, leading to possible memory corruption. An attacker can exploit this vulnerability by enticing a target user to visit a compromised webpage or open a malicious file. This action may allow the attacker to execute arbitrary code within the context of the vulnerable process, potentially impacting the integrity and confidentiality of the information handled by the CNCSoft-G2 software. Organizations using this product should consider applying necessary patches and reviewing their security policies to mitigate potential threats.",Delta Electronics,Cncsoft-g2,8.8,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2024-07-09T22:15:00.000Z,0
CVE-2024-4549,https://securityvulnerability.io/vulnerability/CVE-2024-4549,Delta Electronics DIAEnergie v1.10.1.8610 and Prior Faces Denial of Service Vulnerability,"A denial of service vulnerability is present in Delta Electronics DIAEnergie software versions up to v1.10.1.8610. This vulnerability is triggered when the system processes a specific instruction known as the 'ICS Restart!' message, leading to an unintentional restart of the CEBC.exe process. This unintended behavior can disrupt operations and may lead to a temporary loss of service, potentially impacting users relying on the software. Immediate assessment and mitigation strategies are advised for affected installations.",Delta Electronics,Diaenergie,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T13:54:32.808Z,0
CVE-2024-4548,https://securityvulnerability.io/vulnerability/CVE-2024-4548,SQLi Vulnerability in DIAEnergie v1.10.1.8610 and Prior,"An SQL Injection vulnerability exists in Delta Electronics DIAEnergie software versions v1.10.1.8610 and earlier. This issue occurs during the processing of a 'RecalculateHDMWYC' message in the CEBC.exe component, where the message is divided into four fields using the '~' character as a delimiter. An unauthenticated remote attacker could exploit this vulnerability by injecting malicious SQL commands via the fourth field, potentially compromising the security and integrity of the database.",Delta Electronics,Diaenergie,9.8,CRITICAL,0.002899999963119626,false,,false,false,false,,,false,false,,2024-05-06T13:51:07.049Z,0
CVE-2024-4547,https://securityvulnerability.io/vulnerability/CVE-2024-4547,Unauthenticated Remote SQLi Vulnerability in DIAEnergie,"A SQL injection vulnerability has been identified in the Delta Electronics DIAEnergie software, particularly impacting versions v1.10.1.8610 and earlier. This vulnerability occurs when the software's CEBC.exe component processes a 'RecalculateScript' message, which is segmented using the '~' character. An unauthenticated remote attacker may be able to exploit this flaw by manipulating the message's fourth field, potentially executing unauthorized SQL queries. This can lead to unauthorized data access, data modification, or other malicious activities targeting the affected systems.",Delta Electronics,Diaenergie,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T13:48:08.737Z,0
CVE-2024-34033,https://securityvulnerability.io/vulnerability/CVE-2024-34033,"Path Traversal vulnerability in Delta Electronics DIAEnergie ","The vulnerability in Delta Electronics DIAEnergie is characterized by inadequate input validation, which opens the door for path traversal attacks. Attackers can manipulate input to gain unauthorized access to the system's file structure, allowing them to write files outside of the designated directory. This can lead not only to the overwriting of existing files but also to potential disruption of services and data integrity. Organizations utilizing DIAEnergie should take immediate action to mitigate the risks associated with this vulnerability.",Delta Electronics,Diaenergie,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-05-03T01:15:00.000Z,0