Details of VAR-202104-1015

ID

VAR-202104-1015

CVE

CVE-2021-27480

TITLE

plural Delta Electronics Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-001379

DESCRIPTION

Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code. plural Delta Electronics There are multiple vulnerabilities in the product. Delta Electronics Provided by COMMGR The following vulnerabilities exist in. * Stack-based buffer overflow (CWE-121) - CVE-2021-27480Delta Electronics Provided by CNCSoft ScreenEditor The following vulnerabilities exist in. * Out-of-bounds read (CWE-125) - CVE-2021-22668Delta Electronics Provided by CNCSoft-B The following multiple vulnerabilities exist in. * Out-of-bounds read (CWE-125) - CVE-2021-22660 ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-22664The expected impact depends on each vulnerability, but it may be affected as follows. * Code executed by a remote third party - CVE-2021-27480 ‥ * Arbitrary code executed when loading a project file - CVE-2021-22668 ‥ * Execute arbitrary code - CVE-2021-22660 , CVE-2021-22664. Delta Industrial Automation COMMGR is a PLC of Delta Industrial Automation, India. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2021-27480 // JVNDB: JVNDB-2021-001379 // CNVD: CNVD-2021-34524 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-27480

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-34524

AFFECTED PRODUCTS

vendor:	deltaww	model:	industrial automation commgr	scope:	lte	version:	1.12	Trust: 1.0
vendor:	delta	model:	cncsoft	scope:	-	version:	-	Trust: 0.8
vendor:	delta	model:	cncsoft-b	scope:	-	version:	-	Trust: 0.8
vendor:	delta	model:	commgr	scope:	lte	version:	version 1.12 and earlier	Trust: 0.8
vendor:	delta	model:	industrial automation commgr	scope:	lte	version:	<=1.12	Trust: 0.6

sources: CNVD: CNVD-2021-34524 // JVNDB: JVNDB-2021-001379 // NVD: CVE-2021-27480

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27480
value:	CRITICAL
Trust: 1.0
IPA:	JVNDB-2021-001379
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-34524
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-1571
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-27480
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-27480
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-34524
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-27480
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA:	JVNDB-2021-001379
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-34524 // VULMON: CVE-2021-27480 // JVNDB: JVNDB-2021-001379 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1571 // NVD: CVE-2021-27480

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [IPA Evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds read (CWE-125) [IPA Evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [IPA Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-001379 // NVD: CVE-2021-27480

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1571

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1571

PATCH

title:	CNCSoft-B V1.0.0.4	url:	https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&CID=06&itemID=060301&dataType=8&sort_expr=cdate&sort_dir=DESC	Trust: 0.8
title:	Patch for Delta Industrial Automation COMMGR remote code execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/264841	Trust: 0.6
title:	Delta Industrial Automation COMMGR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149711	Trust: 0.6
title:	CVE-2021-27480	url:	https://github.com/JamesGeee/CVE-2021-27480	Trust: 0.1

sources: CNVD: CNVD-2021-34524 // VULMON: CVE-2021-27480 // JVNDB: JVNDB-2021-001379 // CNNVD: CNNVD-202104-1571

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27480	Trust: 3.1
db:	ICS CERT	id:	ICSA-21-110-03	Trust: 2.5
db:	ICS CERT	id:	ICSA-21-110-05	Trust: 0.8
db:	ICS CERT	id:	ICSA-21-110-04	Trust: 0.8
db:	JVN	id:	JVNVU93609621	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001379	Trust: 0.8
db:	CNVD	id:	CNVD-2021-34524	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021042146	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-1571	Trust: 0.6
db:	VULMON	id:	CVE-2021-27480	Trust: 0.1

sources: CNVD: CNVD-2021-34524 // VULMON: CVE-2021-27480 // JVNDB: JVNDB-2021-001379 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1571 // NVD: CVE-2021-27480

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-110-03	Trust: 3.1
url:	http://jvn.jp/cert/jvnvu93609621	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-110-04	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-110-05	Trust: 0.8
url:	https://downloadcenter.deltaww.com/en-us/downloadcenter?v=1&cid=06&itemid=060301&datatype=8&sort_expr=cdate&sort_dir=desc	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042146	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27480	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/121.html	Trust: 0.1
url:	https://github.com/jamesgeee/cve-2021-27480	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-34524 // VULMON: CVE-2021-27480 // JVNDB: JVNDB-2021-001379 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1571 // NVD: CVE-2021-27480

SOURCES

db:	CNVD	id:	CNVD-2021-34524
db:	VULMON	id:	CVE-2021-27480
db:	JVNDB	id:	JVNDB-2021-001379
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-1571
db:	NVD	id:	CVE-2021-27480

LAST UPDATE DATE

2024-11-23T20:20:23.432000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-34524	date:	2021-05-14T00:00:00
db:	VULMON	id:	CVE-2021-27480	date:	2021-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-001379	date:	2021-04-23T07:25:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-1571	date:	2021-05-08T00:00:00
db:	NVD	id:	CVE-2021-27480	date:	2024-11-21T05:58:04.707

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-34524	date:	2021-05-14T00:00:00
db:	VULMON	id:	CVE-2021-27480	date:	2021-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-001379	date:	2021-04-23T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-1571	date:	2021-04-20T00:00:00
db:	NVD	id:	CVE-2021-27480	date:	2021-04-27T12:15:07.453