Lucene search

IcscertCVE-2024-7502

HistoryAug 06, 2024 - 5:15 p.m.

CVE-2024-7502

2024-08-0617:15:54

CWE-787

CWE-121

icscert

web.nvd.nist.gov

crafted file

dpa

buffer overflow

delta electronics diascreen

arbitrary code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS4

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0.002

Percentile

52.9%

JSON

A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.

Affected configurations

Nvd

Node

deltawwdiascreenRange<1.4.2

VendorProductVersionCPE
deltawwdiascreen*cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
deltaww	diascreen	*	cpe:2.3:a:deltaww:diascreen::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DIAScreen",
    "vendor": "Delta Electronics",
    "versions": [
      {
        "lessThan": "1.4.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-219-01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS4

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0.002

Percentile

52.9%

JSON

Related for CVE-2024-7502