CVE-2021-38406
| CVE Published | 2021-09-17 |
|---|---|
| Related CWE(s) | CWE-787: Out-of-bounds Write |
| Related Vendor(s) | deltaww |
| Related Product(s) | dopsoft |
| Exploitation Reported (CISA KEV) | 2022-08-25 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph