1. EXECUTIVE SUMMARY
- CVSS v4 8.4
- ATTENTION: Low attack complexity
- Vendor: Delta Electronics
- Equipment: DRASimuCAD
- Vulnerabilities: Out-of-bounds Write, Type Confusion
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of DRASimuCAD, a robotic simulation platform, are affected:
- DRASimuCAD: Version 1.02
3.2 Vulnerability Overview
3.2.1 Access of Resource Using Incompatible Type (‘Type Confusion’) CWE-843
Delta Electronics DRASimuCAD expects a specific data type when it opens files, but the program will accept data of the wrong type from specially crafted files.
CVE-2024-12834 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-12834. A base score of 8.4 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 Out-of-bounds Write CWE-787
When a specially crafted file is opened with Delta Electronics DRASimuCAD, the program can be forced to write data outside of the intende
[…]