Rewterz Threat Advisory – CVE-2020-36176 – IThemes Security plugin for WordPress security bypass
January 8, 2021Rewterz Threat Advisory – ICS: Omron CX-One Code Execution Vulnerabilities
January 8, 2021Rewterz Threat Advisory – CVE-2020-36176 – IThemes Security plugin for WordPress security bypass
January 8, 2021Rewterz Threat Advisory – ICS: Omron CX-One Code Execution Vulnerabilities
January 8, 2021Severity
Medium
Analysis Summary
CVE-2020-27287
The affected product is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2020-27291
The affected product is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2020-27289
The affected product has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2020-27293
The affected product has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.
Impact
Execute arbitrary code
Affected Vendors
Delta Electronics
Affected Products
CNCSoft-B Versions 1.0.0.2 and prior
Remediation
Delta Electronics has released an updated version for CNCSoft-B and recommends users to install updated versions on all affected versions.