{"containers": {"cna": {"affected": [{"product": "DOPSoft 2", "vendor": "Delta Electronics", "versions": [{"lessThanOrEqual": "2.00.07", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative"}], "datePublic": "2021-09-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-17T18:54:45.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02"}], "solutions": [{"lang": "en", "value": "DOPSoft 2 will not receive an update to mitigate these vulnerabilities because it is an end-of-life product. Delta Electronics recommends users to switch to the replacement software when available"}], "source": {"advisory": "ICSA-21-252-02", "discovery": "UNKNOWN"}, "title": "Delta Electronics DOPSoft 2 Heap-based Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-09-09T14:34:00.000Z", "ID": "CVE-2021-38404", "STATE": "PUBLIC", "TITLE": "Delta Electronics DOPSoft 2 Heap-based Buffer Overflow"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DOPSoft 2", "version": {"version_data": [{"version_affected": "<=", "version_value": "2.00.07"}]}}]}, "vendor_name": "Delta Electronics"}]}}, "credit": [{"lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122 Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02"}]}, "solution": [{"lang": "en", "value": "DOPSoft 2 will not receive an update to mitigate these vulnerabilities because it is an end-of-life product. Delta Electronics recommends users to switch to the replacement software when available"}], "source": {"advisory": "ICSA-21-252-02", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:37:16.563Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:16:40.921801Z", "id": "CVE-2021-38404", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T19:27:36.639Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38404", "datePublished": "2021-09-17T18:54:45.055Z", "dateReserved": "2021-08-10T00:00:00.000Z", "dateUpdated": "2025-04-23T19:27:36.639Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:37:16.563Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-38404", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-23T13:16:40.921801Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:16:42.833Z"}}], "cna": {"title": "Delta Electronics DOPSoft 2 Heap-based Buffer Overflow", "source": {"advisory": "ICSA-21-252-02", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Delta Electronics", "product": "DOPSoft 2", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "2.00.07"}]}], "solutions": [{"lang": "en", "value": "DOPSoft 2 will not receive an update to mitigate these vulnerabilities because it is an end-of-life product. Delta Electronics recommends users to switch to the replacement software when available"}], "datePublic": "2021-09-09T00:00:00.000Z", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02", "tags": ["x_refsource_MISC"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2021-09-17T18:54:45.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "kimiya, working with Trend Micro\u2019s Zero Day Initiative"}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, "source": {"advisory": "ICSA-21-252-02", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.00.07", "version_affected": "<="}]}, "product_name": "DOPSoft 2"}]}, "vendor_name": "Delta Electronics"}]}}, "solution": [{"lang": "en", "value": "DOPSoft 2 will not receive an update to mitigate these vulnerabilities because it is an end-of-life product. Delta Electronics recommends users to switch to the replacement software when available"}], "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02", "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122 Heap-based Buffer Overflow"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-38404", "STATE": "PUBLIC", "TITLE": "Delta Electronics DOPSoft 2 Heap-based Buffer Overflow", "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-09-09T14:34:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2021-38404", "state": "PUBLISHED", "dateUpdated": "2025-04-23T19:27:36.639Z", "dateReserved": "2021-08-10T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2021-09-17T18:54:45.055Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5964F12-0B63-4F7B-AF5D-AB8035660CE2", "versionEndIncluding": "2.00.07", "versionStartIncluding": "2.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."}, {"lang": "es", "value": "Delta Electronic DOPSoft 2 (versiones 2.00.07 y anteriores) no comprueba apropiadamente los datos proporcionados por el usuario cuando analiza archivos de proyecto espec\u00edficos. Esto podr\u00eda resultar en un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual"}], "id": "CVE-2021-38404", "lastModified": "2024-11-21T06:17:00.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-17T19:15:08.653", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}

{}