Details of VAR-202101-0363

ID

VAR-202101-0363

CVE

CVE-2020-27284

TITLE

Delta Industrial Automation TPEditor TPE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-21-082 // ZDI: ZDI-21-081

DESCRIPTION

TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. Delta Electronics The following vulnerabilities exist in multiple products provided by the company. ‥ * Use of freed memory (Use-after-free) (CWE-416) - CVE-2020-27280 ‥ * Untrusted pointer reference (CWE-822) - CVE-2020-27288 ‥ * Out-of-bounds writing (CWE-787) - CVE-2020-27284Both vulnerabilities could allow arbitrary code to be executed with application privileges by processing a specially crafted project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TPE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process

Trust: 2.97

sources: NVD: CVE-2020-27284 // JVNDB: JVNDB-2021-001012 // ZDI: ZDI-21-082 // ZDI: ZDI-21-081 // VULMON: CVE-2020-27284

AFFECTED PRODUCTS

vendor:	delta industrial automation	model:	tpeditor	scope:	-	version:	-	Trust: 1.4
vendor:	deltaww	model:	tpeditor	scope:	lte	version:	1.98	Trust: 1.0
vendor:	delta	model:	ispsoft	scope:	eq	version:	v3.12 - cve-2020-27280	Trust: 0.8
vendor:	delta	model:	tpeditor	scope:	eq	version:	v1.98 - cve-2020-27284、cve-2020-27288	Trust: 0.8

sources: ZDI: ZDI-21-082 // ZDI: ZDI-21-081 // JVNDB: JVNDB-2021-001012 // NVD: CVE-2020-27284

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2021-001012
value:	HIGH
Trust: 2.4
ZDI:	CVE-2020-27284
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2020-27284
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202101-1638
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-27284
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-27284
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

IPA score:	JVNDB-2021-001012
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 2.4
ZDI:	CVE-2020-27284
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.4
nvd@nist.gov:	CVE-2020-27284
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: ZDI: ZDI-21-082 // ZDI: ZDI-21-081 // VULMON: CVE-2020-27284 // JVNDB: JVNDB-2021-001012 // JVNDB: JVNDB-2021-001012 // JVNDB: JVNDB-2021-001012 // CNNVD: CNNVD-202101-1638 // NVD: CVE-2020-27284

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.8
problemtype:	CWE-416	Trust: 0.8
problemtype:	CWE-822	Trust: 0.8

sources: JVNDB: JVNDB-2021-001012 // NVD: CVE-2020-27284

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1638

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1638

CONFIGURATIONS

sources: JVNDB: JVNDB-2021-001012

PATCH

title:	Delta Industrial Automation has issued an update to correct this vulnerability.	url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-021-02	Trust: 1.4
title:	Download Center (TPEditor)	url:	https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&CID=06&itemID=060302&dataType=8&q=TPEditor	Trust: 0.8
title:	Delta Electronics TPEditor Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140006	Trust: 0.6

sources: ZDI: ZDI-21-082 // ZDI: ZDI-21-081 // JVNDB: JVNDB-2021-001012 // CNNVD: CNNVD-202101-1638

EXTERNAL IDS

db:	NVD	id:	CVE-2020-27284	Trust: 3.9
db:	ICS CERT	id:	ICSA-21-021-02	Trust: 2.5
db:	JVN	id:	JVNVU95339074	Trust: 0.8
db:	ICS CERT	id:	ICSA-21-021-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001012	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-11758	Trust: 0.7
db:	ZDI	id:	ZDI-21-082	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-11757	Trust: 0.7
db:	ZDI	id:	ZDI-21-081	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0259	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1638	Trust: 0.6
db:	VULMON	id:	CVE-2020-27284	Trust: 0.1

sources: ZDI: ZDI-21-082 // ZDI: ZDI-21-081 // VULMON: CVE-2020-27284 // JVNDB: JVNDB-2021-001012 // CNNVD: CNNVD-202101-1638 // NVD: CVE-2020-27284

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-021-02	Trust: 3.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27280	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27284	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27288	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-021-01	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95339074	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27284	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0259/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195474	Trust: 0.1

sources: ZDI: ZDI-21-082 // ZDI: ZDI-21-081 // VULMON: CVE-2020-27284 // JVNDB: JVNDB-2021-001012 // CNNVD: CNNVD-202101-1638 // NVD: CVE-2020-27284

CREDITS

kimiya

Trust: 1.4

sources: ZDI: ZDI-21-082 // ZDI: ZDI-21-081

SOURCES

db:	ZDI	id:	ZDI-21-082
db:	ZDI	id:	ZDI-21-081
db:	VULMON	id:	CVE-2020-27284
db:	JVNDB	id:	JVNDB-2021-001012
db:	CNNVD	id:	CNNVD-202101-1638
db:	NVD	id:	CVE-2020-27284

LAST UPDATE DATE

2024-11-23T22:33:09.812000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-082	date:	2021-01-22T00:00:00
db:	ZDI	id:	ZDI-21-081	date:	2021-01-22T00:00:00
db:	VULMON	id:	CVE-2020-27284	date:	2021-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-001012	date:	2021-01-25T07:03:55
db:	CNNVD	id:	CNNVD-202101-1638	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2020-27284	date:	2024-11-21T05:20:59.737

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-082	date:	2021-01-22T00:00:00
db:	ZDI	id:	ZDI-21-081	date:	2021-01-22T00:00:00
db:	VULMON	id:	CVE-2020-27284	date:	2021-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-001012	date:	2021-01-25T07:03:55
db:	CNNVD	id:	CNNVD-202101-1638	date:	2021-01-21T00:00:00
db:	NVD	id:	CVE-2020-27284	date:	2021-01-26T18:15:45.863