{"containers": {"cna": {"affected": [{"product": "CNCSoft", "vendor": "Delta Electronics", "versions": [{"lessThanOrEqual": "1.01.30", "status": "affected", "version": "All", "versionType": "custom"}]}], "datePublic": "2021-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-09T21:36:14", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-03"}], "solutions": [{"lang": "en", "value": "Delta Electronics has released an updated version of CNCSoft and recommends users install v1.01.31 and later on all affected systems.\n\nDelta Electronics recommends users should apply the following mitigations to reduce the risk of exploit:\n\nMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.\nLocate control system networks and remote devices behind firewalls and isolate them from the business network.\nWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing a VPN is only as secure as its connected devices."}], "source": {"advisory": "ICSA-21-334-03", "discovery": "UNKNOWN"}, "title": "Delta Electronics CNCSoft", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-11-30T16:17:00.000Z", "ID": "CVE-2021-43982", "STATE": "PUBLIC", "TITLE": "Delta Electronics CNCSoft"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CNCSoft", "version": {"version_data": [{"version_affected": "<=", "version_name": "All", "version_value": "1.01.30"}]}}]}, "vendor_name": "Delta Electronics"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-03"}]}, "solution": [{"lang": "en", "value": "Delta Electronics has released an updated version of CNCSoft and recommends users install v1.01.31 and later on all affected systems.\n\nDelta Electronics recommends users should apply the following mitigations to reduce the risk of exploit:\n\nMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.\nLocate control system networks and remote devices behind firewalls and isolate them from the business network.\nWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing a VPN is only as secure as its connected devices."}], "source": {"advisory": "ICSA-21-334-03", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:10:17.159Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-03"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-43982", "datePublished": "2021-12-09T21:36:14.437461Z", "dateReserved": "2021-11-17T00:00:00", "dateUpdated": "2024-09-16T17:08:35.130Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deltaww:cncsoft:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A63012-C3DC-483C-8FFF-09229269A382", "versionEndIncluding": "1.01.30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."}, {"lang": "es", "value": "Delta Electronics CNCSoft versiones 1.01.30 y anteriores, son vulnerables a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, que puede permitir a un atacante ejecutar c\u00f3digo arbitrario"}], "id": "CVE-2021-43982", "lastModified": "2024-11-21T06:30:08.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-09T22:15:07.743", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}