Rewterz Threat Advisory – ICS: Delta Industrial Automation TPEditor

Severity

Medium

Analysis Summary

CVE-2020-16219

An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

CVE-2020-16221

A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 

CVE-2020-16223

A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 

CVE-2020-16225

A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

CVE-2020-16227

An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

Impact

• Execute arbitrary code
• Exposure of sensitive data 
• Application crash

Affected Vendors

Delta Electronics

Affected Products

TPEditor Versions 1.97 and prior

Remediation

Delta Electronics recommends affected users update to the latest version.

Version 1.98