

Rewterz Threat Advisory – Multiple WordPress Vulnerabilities
September 13, 2021
Rewterz Threat Advisory – ICS : Johnson Controls Kantech KT-1 Door Controller
September 13, 2021
Severity
High
Analysis Summary
CVE-2021-38402
The affected application lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-38404
The affected application lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-38406
The affected application lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
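All three issues come from trusting sizes taken from the project file. The following is an added example, not vendor code and not part of the original advisory, showing the validation a parser needs before copying a font string into a fixed buffer. The record layout, the buffer size FONT_NAME_MAX and every name in it are assumptions made for illustration; the real DOPSoft project file format is not described in this advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FONT_NAME_MAX 32  /* assumed capacity of the destination buffer */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Hypothetical record layout (an assumption, not the real file format):
 *   [u16 little-endian name_len][name_len bytes of font name]
 * The flaw class in the advisory is copying name_len bytes into a fixed
 * buffer while trusting the length stored in the file. Here the length is
 * checked against both the input size and the destination capacity. */
int parse_font_name(const uint8_t *rec, size_t rec_len,
                    char out[FONT_NAME_MAX])
{
    if (rec == NULL || out == NULL || rec_len < 2)
        return PARSE_TRUNCATED;          /* no room for the length field */

    size_t name_len = (size_t)rec[0] | ((size_t)rec[1] << 8);

    if (name_len > rec_len - 2)
        return PARSE_TRUNCATED;          /* declared length runs past the input */
    if (name_len >= FONT_NAME_MAX)
        return PARSE_TOO_LONG;           /* would not fit in out[] with its NUL */

    memcpy(out, rec + 2, name_len);
    out[name_len] = '\0';
    return PARSE_OK;
}

/* Constructed sample records, not taken from any real project file. */
static const uint8_t SAMPLE_OK[] = { 0x05, 0x00, 'A', 'r', 'i', 'a', 'l' };
static const uint8_t SAMPLE_LYING[] = { 0xFF, 0xFF, 'A', 'A' }; /* claims 65535 bytes */

int main(void)
{
    char name[FONT_NAME_MAX];
    int rc = parse_font_name(SAMPLE_OK, sizeof SAMPLE_OK, name);
    printf("valid record: rc=%d name=%s\n", rc, rc == PARSE_OK ? name : "-");
    rc = parse_font_name(SAMPLE_LYING, sizeof SAMPLE_LYING, name);
    printf("oversized length field: rc=%d (rejected)\n", rc);
    return 0;
}
```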
Impact
- Code Execution
- Buffer Overflow
Affected Vendors
- Delta Electronics
Affected Products
- Delta Electronics DOPSoft 2.00.07
- Delta Electronics DOPSoft 2.00.06
- Delta Electronics DOPSoft 2.00.05
- Delta Electronics DOPSoft 2.00.04
Remediation
Refer to ICS Advisory for the patch, upgrade, or suggested workaround information.