Rewterz Threat Alert – Password Expiration Phishing Campaign
January 21, 2021Rewterz Threat Advisory – CVE-2021-20586 – ICS: Mitsubishi Electric MELFA
January 22, 2021Rewterz Threat Alert – Password Expiration Phishing Campaign
January 21, 2021Rewterz Threat Advisory – CVE-2021-20586 – ICS: Mitsubishi Electric MELFA
January 22, 2021Severity
Medium
Analysis Summary
CVE-2020-27288
An untrusted pointer dereference has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
CVE-2020-27284
The affected product is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
Impact
- Privilege execution
- Arbitrary code execution
Affected Vendors
Delta Electronics
Affected Products
TPEditor v1.98 and prior
Remediation
Delta recommends updating to v1.98.03 or later.