CVERadar

CVE-2024-47963

Critical Severity

Deltaww

SVRS

70/100

CVSSv3

7.8/10

EPSS

0.00028/1

CVE-2024-47963 in Delta Electronics CNCSoft-G2 allows for arbitrary code execution due to insufficient data validation. An attacker could exploit this vulnerability by enticing users to access a malicious page or file. This memory corruption issue, classified as CWE-787 (Write-What-Where Condition), allows attackers to write past the end of an allocated object. While the CVSS score is 7.8, SOCRadar's Vulnerability Risk Score (SVRS) of 70 indicates a significant threat. The risk includes unauthorized code execution within the context of the current process, potentially leading to system compromise. Immediate patching is recommended to mitigate the risk, especially given the vulnerability is tagged "In The Wild."

TAGS

In The Wild

VECTOR STRING

CVSS:3.1

AV:L

AC:L

PR:N

UI:R

S:U

C:H

I:H

A:H

PUBLICATION DATE2024-10-10

LAST MODIFIED2024-10-17

SOCRadar

AI Insight

Description

CVE-2024-47963 is a vulnerability with a CVSS score of 0, indicating a low severity level. However, SOCRadar's unique 'SOCRadar Vulnerability Risk Score' (SVRS) assigns it a score of 30, highlighting the potential for exploitation.

Key Insights

Active Exploitation: The vulnerability is actively exploited in the wild, posing an immediate threat to organizations.
Low CVSS Score: Despite the low CVSS score, the SVRS score of 30 indicates that the vulnerability should not be overlooked.
Unknown Description: The lack of a detailed description makes it challenging to fully understand the nature and impact of the vulnerability.
Threat Actors: Information on specific threat actors or APT groups actively exploiting the vulnerability is currently unavailable.

Mitigation Strategies

Apply Patches: As soon as patches become available, apply them promptly to address the vulnerability.
Monitor Network Traffic: Implement network monitoring solutions to detect and block suspicious activity that may indicate exploitation attempts.
Educate Users: Raise awareness among users about the vulnerability and encourage them to practice good cybersecurity hygiene.
Consider Additional Security Measures: Explore additional security measures, such as intrusion detection systems (IDS) and firewalls, to enhance protection against potential attacks.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

ZDI-24-1384: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

2024-10-15

ZDI-24-1384: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.

cve-2024-47963

cves

information technology

file

ZDI-24-1385: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

2024-10-15

ZDI-24-1385: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.

cve-2024-47963

cves

information technology

file

ZDI-24-1386: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

2024-10-15

ZDI-24-1386: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.

cve-2024-47963

cves

information technology

file

ZDI-24-1391: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

2024-10-15

ZDI-24-1391: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.

cve-2024-47963

cves

information technology

zerodayinitiative.com

ZDI-24-1392: Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability

2024-10-15

ZDI-24-1392: Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.

cve-2024-47963

cves

information technology

file

ZDI-24-1393: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

2024-10-15

ZDI-24-1393: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.

cve-2024-47963

cves

information technology

file

ZDI-24-1394: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

2024-10-15

ZDI-24-1394: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.

cve-2024-47963

cves

information technology

file

Social Media

CVE

@CVEnew

2024-10-10

CVE-2024-47963 Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulat… https://t.co/zG5MOja7BD

Affected Software

Configuration 1

Type	Vendor	Product
App	Deltaww	cncsoft-g2

References

Reference	Link
[email protected]	https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21

CWE Details

CWE ID	CWE Name	Description
CWE-787	Out-of-bounds Write	The software writes data past the end, or before the beginning, of the intended buffer.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence