CVE-2020-27275

moderate-risk

Published 2021-01-11

Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.

Do I need to act?

0.66% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (1)

Dopsoft

Affected Vendors

Deltaww

References (18)

Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-21-028/

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-21-029/

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-21-032/

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-21-034/

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-21-035/

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-21-036/

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-21-037/

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-21-038/