CVE-2022-36621

CVE-2022-36621 affects Samsung Electronics mTower v0.3.0 and earlier, due to a NULL pointer dereference in TEE_AllocateTransientObject. The CVE entry notes a high impact on availability (CVSS 3.1 base 7.5, network attack vector, no privileges required, no user interaction). Connected documents co...

CVE-2022-36621

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEEAllocateTransientObject...

Delta Electronics DOPSoft 缓冲区错误漏洞

Delta Electronics DOPSoft is a Human Machine Interface HMI software suite from Delta Electronics Taiwan, China. A buffer error vulnerability exists in Delta Electronics DOPSoft, which arises from the processing of specific project files without properly sanitizing the user input could result in t...

PT-2022-23514 · Samsung Electronics · Mtower

Name of the Vulnerable Software and Affected Versions: Samsung Electronics mTower version 0.3.0 and earlier Description: A NULL pointer dereference issue was discovered via the function TEE AllocateTransientObject. Recommendations: For Samsung Electronics mTower version 0.3.0 and earlier, at the...

Delta Electronics DOPSoft (Update A)

1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerability: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-244-01 Delta Electronics DOPSoft that was published...

CVE-2022-2759

Delta Electronics Delta Robot Automation Studio DRAS versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to emb...

CVE-2022-1404

Delta Electronics CNCSoft All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition...

CVE-2022-1404

Delta Electronics CNCSoft All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition...

Design/Logic Flaw

Delta Electronics Delta Robot Automation Studio DRAS versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to emb...

Design/Logic Flaw

Delta Electronics CNCSoft All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition...

CVE-2022-2759

Delta Electronics Delta Robot Automation Studio DRAS versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to emb...

CVE-2022-2759

Delta Electronics DRAS (Delta Robot Automation Studio) prior to version 1.13.20 is affected by improper restriction of XML external entity references (CWE-611). The vulnerability stems from processing XML documents whose entities can resolve to URIs outside the intended scope, causing the product...

CVE-2022-1404 Delta Electronics CNCSoft Out-of-bounds Read

Delta Electronics CNCSoft All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition...

CVE-2022-1404

Delta Electronics CNCSoft (all versions prior to 1.01.32) is affected by CVE-2022-1404 due to improper input sanitization when processing a specific project file, which can lead to an out-of-bounds read condition. The issue is documented across multiple sources (NVD entry for CVE-2022-1404, ICS a...

CVE-2022-1404 Delta Electronics CNCSoft Out-of-bounds Read

Delta Electronics CNCSoft All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition...

CVE-2022-1405 Delta Electronics CNCSoft Stack-based Buffer Overflow

CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition...

CVE-2022-1405 Delta Electronics CNCSoft Stack-based Buffer Overflow

CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition...

PT-2022-18509 · Delta Electronics · Delta Robot Automation Studio

Name of the Vulnerable Software and Affected Versions: Delta Electronics Delta Robot Automation Studio DRAS versions prior to 1.13.20 Description: The issue arises from improper restrictions in processing XML documents, allowing XML entities with URIs to resolve to documents outside the intended...

CISA releases two Industrial Control Systems Advisories

CISA has released two Industrial Control Systems ICS advisories on September 01, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

Sensormatic Electronics iSTAR

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls Inc. Equipment: iSTAR Ultra Vulnerability: Command Injection 2. RISK EVALUATION An unauthenticated user could use a malicious request to run...