CVE-2024-1595

Published: Feb 29, 2024Modified: Mar 6, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.

Affected (2)

Products: Deltaww: Cncsoft B, Dopsoft

Deltaww

2 products

Cncsoft B

Dopsoft

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Deltaww Cncsoft B	Up to 1.0.0.4
Deltaww Dopsoft	Before 4.0.0.94

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-24-053-01

Source: ics-cert@hq.dhs.gov

US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-24-053-01

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.