Details of VAR-202412-2386

ID

VAR-202412-2386

CVE

CVE-2024-12836

TITLE

Delta Electronics, INC. of DRASimuCAD Vulnerability regarding mix-ups in

Trust: 0.8

sources: JVNDB: JVNDB-2024-026057

DESCRIPTION

Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22450. Delta Electronics, INC. of DRASimuCAD contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Delta Electronics DRASimuCAD is a robot simulation integration platform

Trust: 2.79

sources: NVD: CVE-2024-12836 // JVNDB: JVNDB-2024-026057 // ZDI: ZDI-24-1724 // CNVD: CNVD-2025-26915

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-26915

AFFECTED PRODUCTS

vendor:	delta	model:	drasimucad	scope:	-	version:	-	Trust: 1.5
vendor:	deltaww	model:	drasimucad	scope:	lte	version:	1.02.00.00	Trust: 1.0
vendor:	delta	model:	drasimucad	scope:	lte	version:	1.02.00.00 and earlier	Trust: 0.8
vendor:	delta	model:	drasimucad	scope:	eq	version:	-	Trust: 0.8
vendor:	delta	model:	electronics drasimucad	scope:	lte	version:	<=1.02.00.00	Trust: 0.6

sources: ZDI: ZDI-24-1724 // CNVD: CNVD-2025-26915 // JVNDB: JVNDB-2024-026057 // NVD: CVE-2024-12836

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2024-12836
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-026057
value:	HIGH
Trust: 0.8
ZDI:	CVE-2024-12836
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2025-26915
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-26915
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2024-12836
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0
OTHER:	JVNDB-2024-026057
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2024-12836
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-24-1724 // CNVD: CNVD-2025-26915 // JVNDB: JVNDB-2024-026057 // NVD: CVE-2024-12836

PROBLEMTYPE DATA

problemtype:	CWE-843	Trust: 1.0
problemtype:	Mistake of type (CWE-843) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-026057 // NVD: CVE-2024-12836

PATCH

title:

Patch for Delta Electronics DRASimuCAD Type Confusion Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/749061

Trust: 0.6

sources: CNVD: CNVD-2025-26915

EXTERNAL IDS

db:	NVD	id:	CVE-2024-12836	Trust: 3.9
db:	ZDI	id:	ZDI-24-1724	Trust: 3.1
db:	JVN	id:	JVNVU93677522	Trust: 0.8
db:	ICS CERT	id:	ICSA-25-010-03	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-026057	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-22450	Trust: 0.7
db:	CNVD	id:	CNVD-2025-26915	Trust: 0.6

sources: ZDI: ZDI-24-1724 // CNVD: CNVD-2025-26915 // JVNDB: JVNDB-2024-026057 // NVD: CVE-2024-12836

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-24-1724/	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu93677522/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-12836	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-03	Trust: 0.8

sources: CNVD: CNVD-2025-26915 // JVNDB: JVNDB-2024-026057 // NVD: CVE-2024-12836

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-24-1724

SOURCES

db:	ZDI	id:	ZDI-24-1724
db:	CNVD	id:	CNVD-2025-26915
db:	JVNDB	id:	JVNDB-2024-026057
db:	NVD	id:	CVE-2024-12836

LAST UPDATE DATE

2025-11-19T23:02:40.462000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-24-1724	date:	2024-12-20T00:00:00
db:	CNVD	id:	CNVD-2025-26915	date:	2025-11-05T00:00:00
db:	JVNDB	id:	JVNDB-2024-026057	date:	2025-07-14T08:25:00
db:	NVD	id:	CVE-2024-12836	date:	2025-07-11T18:20:50.883

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-24-1724	date:	2024-12-20T00:00:00
db:	CNVD	id:	CNVD-2025-26915	date:	2025-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2024-026057	date:	2025-07-14T00:00:00
db:	NVD	id:	CVE-2024-12836	date:	2024-12-30T17:15:08.137