Severity
High
Analysis Summary
CVE-2021-32965
Delta Electronics DIAScreen could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion error. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-32969
Delta Electronics DIAScreen could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the system to crash.
Impact
- Unauthorized access
- Code execution
Affected Vendors
Delta Electronics
Affected Products
- Delta Electronics DIAScreen 1.0.9
- Delta Electronics DIAScreen 1.0.8
- Delta Electronics DIAScreen 1.0.7
- Delta Electronics DIAScreen 1.0.6
- Delta Electronics DIAScreen 1.0.5
- Delta Electronics DIAScreen 1.0.4
- Delta Electronics DIAScreen 1.0.3
- Delta Electronics DIAScreen 1.0.2
- Delta Electronics DIAScreen 1.0.1
- Delta Electronics DIAScreen 1.0.0
Remediation
Upgrade to the latest version of Delta Electronics DIAScreen (1.1.0 or later), available from the Delta Electronics Web site.